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IPv6: At the Starting Line 

Although IPv6 is the protocol of the future, you probably haven’t started 
migrating your company’s network to this new protocol. This article ex- 
plains why it’s not too early to start planning this migration and explains 
how IPv6 remedies many of the inadequacies of IPv4. 


NDS and DHCP: Configuring DHCP for a 

Complex Environment 

The last issue of NetWare Connection explained how to set up a basic 
Dynamic Host Configuration Protocol (DHCP) service with NetWare 5. 
(See “NDS and DHCP: Configuring the DHCP Service in NetWare 5,” 
Apr. 1999, pp. 18-26.) The article in this issue explains how to con- 
figure the NetWare 5 DHCP service to accommodate a more complex 
environment. 


CNE of the Year, Tom Waknitz 

Novell Education presented the first CNE of the Year award to Tom Wak- 
nitz at BrainShare 99 in Salt Lake City. Find out what this talented CNE 
has accomplished and what he has to say about Novell certification. 


NDS 8: Rev Up Your Directory Tree 

NDS 8, the newest version of Novell Directory Services (NDS), is cur- 
rently in beta testing. This highly scalable solution can support one bil- 

lion objects (or more) in one directory tree, making NDS the only direc- 
tory you need for enterprise networks, extranets, and the Internet. Find 

out what enhancements Novell has made to its already powerful directory. 


| Graphic Designer 

: Jessica Chen 

: Technical Reviewer 

» Mickey Applebaum 

| Publisher 

Ted Lloyd 

| Central Sales Manager 
: Brian Smith 

| Eastern Sales Manager 
: Steve Branda 

| Northwestern Sales Manager 
_ Steve Sansevere 


: Southwestern Sales Manager 
: Kaye Young 

| Circulation 

: BDI Fulfillment 


_ To Subscribe or to Make 

| Address Changes 

_ Subscribe online at http://www.nwconnection. 
: com/subscriptions, and send address changes to 
: address@nwconnection.com. 

© Phone: 1-801-465-4768 

| Fax: 1-801-465-4755 


GET TO KNOW THE TECHIES IN YOUR NEIGHBORHOOD 


1a ed ob os ch, 


42 Network Management Products 


visit 


s 


Who are the technical experts in your neighbor- products and technologies. You can also discuss net- 
hood? You can meet them by joining NetWare Users working issues with other networking professionals. 
International (NUI) and attending a NetWare user To locate a NetWare user group in your area or to 
group meeting each month. At NetWare user group get more information about NUI, visit the NetWare 
meetings, you can learn about the latest networking Connection web site (http://www.nwconnection.com). @ 


a 
od 


online at http://www.nwe 


onnection.com 


NOVELL NEWS 


46 Digitalme 
NetWare for SAA 4 


Novell Internet Caching 


Are you spending too much time trying to manage your company’s System 


network? The network management products featured in this article 
may be just what you need to ease your workload. 


poet teh a 


39 Technically Speaking: Good Help Is Hard to Find 


Even if things are running smoothly with your company’s network 
today, chances are that someday you are going to need technical 


Novell Cluster Services for 
NetWare 5 Open Beta 


6 Pack and Modesto 
Managed VPN Services 


NUI NEWS 
45 NUI Leadership Summit 


support. This article helps you determine which potential technical 


support providers have the necessary skills to meet your company’s 


technical support requirements. 


ALSO IN THIS ISSUE 


4 Letters to the Editor 


48 Online Connection: Get With the Program 52 Advertiser Index 


Whether programming is your full-time profession or a hobby, you 


52 Advertising Areas 


won’t want to miss this month’s “Online Connection.” The web sites 
featured in this article provide the tools and information you need to 
write extraordinary applications. You can then amuse yourself with 


the new standalone and network games of the month. 


Contributors 


Mickey Applebaum 
Drew Heywood 
Kimberly Jones 
Cecily Spencer 
Cheryl Walton 


Cover 
Bill Mayer 


Chip DiComo 
George Johnson 
Matthew Jones 


Sandy Stevens 


Copyright © 1999 by Connection Publishing Inc. 


NetWare® is a registered trademark of Novell Inc. 


NetWare Connection, May Issue, NetWare Connection (ISSN 1076-3422) is pub- 


Volume 10, Number 5 lished monthly by Connection Publishing Inc., 
1555 North Technology Way, Orem, UT 84097, 

POSTMASTER: Send address changes to 1-801-465-4768. Periodicals Postage Paid at 

NetWare Connection (ISSN 1076-3422), P.O. Orem, UT and at additional mailing offices. 


Box 19007, Provo, UT 84605-9007. Allow four 


to six weeks for your subscription to begin. NetWare Connection is published 12 times a year. 


Subscription cost is U.S. $36 per year. 


Canada Post Publication Mail Sales Agreement 

No. 1381261 

Canadian Return Address: 2744 Edna Street, INTERNATIONAL 
Windsor, ON N8Y 1V2 


May 1999 NetWare Connection 3 


Congratulations to Mickey Applebaum for once again presenting a down-to-earth, 
straightforward article. “Enabling FTP Services on a NetWare 4.11 Server” (NetWare 
Connection, Apr. 1999, pp. 32-35) was interesting and useful. However, I did notice one 
small error regarding authentication after disabling anonymous access. Mickey states the 
following: “Unlike a workstation login to a NetWare 4.11 server, all usernames and pass- 
words are case sensitive with Novell’s FTP Service.” I have Novell’s FTP service installed 
on one of my servers, and I can successfully log in using all caps, all lowercase, or toggle 
case for both the user ID and the password. 

Jim Parry 


How About an Article About Novell Connecting Points? 

lama Novell reseller attending BrainShare ’99 in Salt Lake City. | am impressed by 
the technology available through Novell Connecting Points—The BrainShare ’99 Net- 
work. For example, this fax has been sent to the NetWare Connection editors directly 
from a Novell Connecting Points terminal using a Tobit FaxWare server. 

The technology behind Novell Connecting Points is so impressive that I would like 
to learn more about the technology in future editions of NetWare Connection. As a re- 
seller, | am always interested in real-world solutions. Novell Connecting Points is of- 
fering these solutions, not just great technology. 


Michel Martin 


We agree, Novell Connecting Points is a real-world solution and, therefore, a great topic for 
a NetWare Connection article. In fact, we are currently working on an article that explains 
the underlying technology of Novell Connecting Points. Look for this article in the next issue of 
NetWare Connection. 


Using the Correct Switch for Onsite Network Analysis 

I read Laura Chappell’s article entitled “Onsite Analysis” (NetWare Connection, 
Apr. 1999, pp. 28-31) with great interest. Laura Chappell’s writing style and ability to 
communicate the concepts of packet analysis continue to amaze me. 

However, | did notice one oversight: Figure 2, referring to the switched network, 
misses one obvious point—the switch that is being used for onsite analysis must be a 
smart switch that is capable of forwarding all packets to the analyzer switch port. Some 
NetWare Connection readers may not realize that the type of analysis being discussed re- 
quires a switch with this feature. If a switch cannot forward all packets to the analyzer 
switch port, you will see only broadcast traffic from the nodes they are analyzing. 


Bill Bach 


You bring up a good point! The switch used to perform onsite analysis must support port 
spanning or mirroring in order to copy packets down to the analyzer’s port. Not all switches 
offer this functionality. 

Laura Chappell, author 


Read the BrainShare ‘99 Conference Daily 

At BrainShare ’99 in Salt Lake City, the NetWare Connection staff edited and pro- 
duced the BrainShare Conference Daily. We thought you might be interested in reading 
some of the articles, particularly the following articles from some of our favorite writers: 


“Directory and Identity: Two Sides of the Internet Coin,” Dr. Eric Schmidt, Novell 

chairman of the board and CEO, Monday edition 

“Waiting for Active Directory: Will It Be as Great as Microsoft Claims,” Gary 

Hein, Tuesday edition 

“Personal Directories: Seeing Things Your Way,” by Glenn Ricart, Novell chief 

technology officer, Wednesday edition 

¢ “shopnovell: Introducing Novell’s New Internet Storefront,” Kevin Millecam, 
Wednesday edition 

¢ “Inside DHCP,” Laura Chappell, Thursday edition 


You can download these articles from the NetWare Connection web site (http:// 
www.nwconnection.com). @ 
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any experts predict that Internet Protocol version 6 

(IPv6), also known as Internet Protocol next genera- 
tion (IPng), is still years away from widespread adoption. 
(See Bob Metcalfe’s “From the Ether,” InfoWorld, May 18, 
1998. You can download this article from http://www.infoworld. 
com/cgi-bin/displayNew.pl?/metcalfe/9805 18bm.htm.) If these 
experts are right, why should you be thinking about IPv6 now? 
After all, you probably haven’t experienced any difficulty with 
the old IP (now commonly called IP v4). 

Although IPv6 may be a few years away from rendering IPv4 
obsolete, Internet Technology (IT) experts such as Prashant 
Shukla, NetWare 5 product manager for Novell Inc., say the time 
for IPv6 is definitely coming. “The fact of the matter is IPv6 has 
to come,” Shukla says. “There’s no choice in this.” IPv6 is neces- 
sary, Shukla explains, because IPv4 is no longer able to meet the 
demands of the rapidly expanding Internet. 

The Internet Engineering Task Force (IETF)—specifically its 
Internet Architecture Board ([AB)—agrees that IPv6 is necessary 
to remedy the inadequacies of IPv4, which include too little ad- 
dress space and an inherent lack of security. The IETF isn’t alone 
in its support of IPv6: IT industry leaders including Novell, Micro- 
soft, NEC, and Cisco are also committed to the future of [Pv6. In 
fact, [Pv6-enabled products by IT companies such as Cisco are al- 
ready on the market. 

In other words, if you haven’t given much thought to learn- 
ing more about what IPv6 is, why it is necessary, and how best 
to go about upgrading your network to accommodate IPv6, it 
isn’t too early to start. This article introduces you to the format 
of IPv6 addresses and to the different types of IPv6 addresses 
that are available and their purposes. In addition, this article 
explains the following: 


¢ The way IPv6 address assignments make routing IPv6 ad- 
dresses easy 

¢ The structure and purpose of IPv6 packet header extensions 

¢ Your options for converting an [Pv4 network to IPv6 


IPV6 ADDRESSES WIN 128-32 

Who could have foreseen that IPv4’s 4,294,967,296 unique 
addresses would prove to be inadequate? Certainly not the 
handful of network researchers who helped design IPv4’s 32- 
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bit addressing format in 
the 1970s. By 1995, however, 
it was clear to IT professionals 
that [Pv4’s more than four billion 
addresses would be used up before the 

first decade of the 21st century. To avert the 
impending address shortage, the IETF went to work on a new, 
improved Internet protocol—one that would, among other 
things, provide a seemingly unlimited number of unique In- 
ternet addresses. 

To solve this address shortage, the IETF approved IPv6 as a 
replacement to IPv4. [Pv6’s 128-bit addressing format provides 
40,282,366,920,938,463,463,374,607,431,768,211,456 addresses— 
that’s well over one undecillion addresses. According to Metcalfe’s 
“From the Ether,” one undecillion addresses translates to “more 
than a thousand IPv6 addresses for every square meter on the 
surface of planet Earth.” 

The new IPv6 addresses look different than the IPv4 addresses 
that you are used to seeing. (For a detailed discussion of [Pv4 ad- 
dresses, see “Choosing IP Addresses for Your Network,” NetWare 
Connection, Feb. 1997, pp. 20-26 You can download this article 
from http://www.nwconnection.com/feb.97/ipadd27.) Unlike IPv4 
addresses, which consist of a series of four decimal numbers con- 
nected by periods, [Pv6 addresses consist of a series of eight hexa- 
decimal numbers separated by colons. For example, a typical IPv4 
address would appear as 123.45.234.56. In contrast, a typical [Pv6 
address would appear as 2DF1:0000:0000:5EA8:ACDE:4823: 
0067:ABCD. 

To make IPv6 addresses easier to write, the IETF has approved 
a few alternative ways to represent these addresses. One alterna- 
tive is to abbreviate a series of four zeros by using a single zero and 
to eliminate leading zeros within a series. For example, you could 
write the IPv6 address above as 2DF1:0:0:5EA8:ACDE:4823: 
67:ABCD. 

Another alternative is to replace a series of consecutive zeros 
with a double colon. For example, the [Pv6 address above can 
be further shortened to 2DF1::5EA8:ACDE:4823:67:ABCD. 
However, you can use only one double colon per IPv6 address. 
(For more information about how to write legal IPv6 addresses, 
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download Request for Comments [RFC] 
2373 from http://ietf.org/rfc/rfe2373.txt.) 

In binary terms, each of the four 
numbers in IPv4 addresses are eight bits 
long and range from 00000000 (0) to 
11111111 (255 in decimal terms). In 
contrast, each of the eight numbers in 
IPv6 addresses is sixteen bits long and 
ranges from O000000000000000 (0) to 
1111111111111111 (FFFF in hexadeci- 
mal terms, or 65,535 in decimal terms). 

With 1Pv4, each host, or node, on the 
Internet (or on a TCP/IP intranet) is as- 
signed a unique IPv4 address. With IPv6, 
each host is assigned multiple addresses. 
For example, an IPv6 host has, among 
other assigned addresses, a unique global 
address, which can be reached from any- 
where on the Internet, and a link-local 
address, which can be reached only from 
other hosts on the same link. (For more 
information about IPv6 
local-use addresses, see 
RFC 2373.) 

IPv6’s much larger ad- 
dress space and the ability to 
assign multiple IPv6 addresses 
to network hosts are just two 
ways IPv6 differs from IPv4. Ad- 
ditional features of [Pv6 include 
the following: 


¢ Format prefixes 

¢ Hierarchical addressing 

© Fixed-length headers 

e Extension headers 

¢ Neighbor discovery and automatic 
addressing 


FORMAT PREFIXES 

The leading bits of an IPv4 address 
designate its format prefix. In contrast, 
before the adoption of Classless Inter- 
Domain Routing (CIDR) the leading bits 
of an IPv4 address designated the address 
class. CIDR is the protocol that is cur- 
rently used to mitigate both the wasted 
address spaces and the inordinately large 
routing tables resulting from [Pv4’s 
class-based addressing protocol. (To re- 
view Pre-CIDR IPv4 class addresses, see 
“Choosing IP Addresses for Your Net- 
work,” NetWare Connection.) 

The leading bits of an 1Pv4 address 
determine the type of address that follows. 
Likewise, the format prefix of an IPv6 
address indicates the type of IPv6 address 
that follows. The format prefix designates 
that the IPv6 address is one of the follow- 
ing types of addresses: 
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¢ Unicast address 

e Anycast address 

© Multicast address 

@ Reserved address 

© Unassigned address 


dresses. (Stateless Address Autoconfigura- 
tion is explained later in this article.) The 
format prefix for multicast addresses is 
11111111 or, in hexadecimal terms, FE 
(For information about how to assign IPv6 


multicast addresses to nodes on your com- 


Unicast Address 

A unicast address is the address for a 
single network node. A packet sent to a 
unicast address goes only to the node to 
which the address belongs. The format 
prefix for unicast addresses is 001. 


pany’s network, see RFC 2373.) 


Reserved Address 


The JETF has reserved several prede- 


fined multicast addresses. These addresses 
are reserved for purposes such as news, 


music multicasts, and experimental pur- 


Anycast Address 
Unlike unicast addresses, which can 
be assigned to any type of node, anycast 
addresses presently can be assigned only 
to routers. In addition, anycast addresses 
identify a set of nodes within a given to- 
pological region. For example, all of the 
routers on a particular network can be ° 
defined as a set of nodes. You can then 
assign these nodes a shared anycast ad- 
dress in addition to their unique unicast 
addresses. A packet sent to this anycast 
address is routed to the node that the 
network routing protocol determines 
is nearest to the sending node. 
Anycast addresses have sev- 
eral uses. For example, you 
can use an anycast address 
in an IPv6 routing header to 
send a time-sensitive packet 
(such as audio or video files) to the 
closest host that shares that anycast ad- 
dress. You can also use an anycast address 
to identify the set of routers for a specific 
subnet. (The IETF defines a required 
anycast address format for a set of subnet 
routers. For more information about 
anycast addresses for subnet routers, see 
RFC 2373.) The format prefix for any- 
cast addresses (001) is the same as the 
format prefix for unicast addresses (001). 


Multicast Address 

Like anycast addresses, multicast ad- 
dresses belong to a set of nodes rather than 
to a single node. For example, you can as- 
sign routers a shared multicast address and 
an anycast address. However, each node 
that shares a multicast address receives all 
of the multicast packets that are sent to 
that address. 

Multicast addresses also have multiple 
uses: For example, multicast addresses are 
used as part of the IPv6 Stateless Address 
Autoconfiguration protocol, which allows 
hosts on intranets or on the Internet to 
obtain or to create their own IPv6 ad- 


poses. (For more information about re- 
served multicast addresses, download RFC 
2375 from http://ietf-org/rfc/rfc2375.txt.) 


In addition to the predefined multicast 


addresses reserved by the IETE the follow- 
ing addresses are reserved: 


The IPv6 Unspecified Address. Each 
of the 128 bits in the 1Pv6 unspecified 
address have a value of zero. (The hexa- 
decimal representation of this address is 
0:0:0:0:0:0:0:0.) Because this reserved 
address is actually the absence of an ad- 
dress, the unspecified address should 
neither be assigned to a node nor be 
used as a packet’s destination. How- 
ever, hosts can use this address as a 
source address to initialize themselves 
before they have configured their own 
unicast addresses. 
The Loop Back Address. The loop 
back address is another reserved address 
that should not be assigned to a node. 
(The hexadecimal representation of this 
address is 0:0:0:0:0:0:0:1.) Packets that 
contain the loop back address as a des- 
tination code come back to the node 
from which the packet was sent. For 
example, you can use the loop back ad- 
dress to test network connections. 
Addresses Reserved for IPX Packets. 
IPv6 includes two options for integrat- 
ing IPX networks with IPv6 networks. 
The first option uses an address space 
that is reserved for IPX packets. This 
reserved address space enables enter- 
prises that use the IPX network layer 
protocol to map their IPX addresses to 
IPv6 addresses. These enterprises can 
then send and receive packets over the 
Internet. The format prefix that defines 
these mapped addresses is 0000010. 
The bits following this prefix contain 
the mapped 80-bit IPX address. 

The second option for integrating 
IPX networks with IPv6 networks is 
to tunnel IPX packets in IPv6 packets. 


HP Buys 
Novell. 


(Metaphorically 
speaking.) 


What we meant to say is that HP buys Novell’s vision 
of the network. Both companies are committed to 
reliable and versatile networks. Both companies are 
committed to making sure their customers can access 
and work on their networks, even when they aren't 
in the office. Novell with the industry-leading 
manageability of their new NetWare, 5 net- 
working software with Novell Directory 
Services, and HP with their award-winning 
NetServers. Both companies are committed to 
your business and your success. So, in a sense, 
two companies are working as one to deliver 
on the promise of networking. Why? What 

did you think we meant? 


www.novell.com/partner/hp 


Cd eackann 


Novell. 


For more information, visit http://advertise.nwconnection.com. 
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Next-Level 
Aggregation 
(NLA) Router 


Site-Level 
Aggregation 
(SLA) Identifier 


SLA Identifier 


Top-Level Aggregation (TLA) Router 


SLA Identifier 


Figure 1. Hierarchical addressing makes assigning and routing [Pv6 addresses more efficient. 


The IETF has defined an IPv6 head- 
er extension specifically for this pur- 
pose. (This option is discussed later in 
the article.) 

e Addresses Reserved for Network 
Service Access Point (NSAP) Pack- 
ets. To facilitate the mapping of NSAP 
addresses to IPv6 addresses, the IETF 
has reserved the set of addresses with 
a format prefix of 0000001. Unlike 
IPv6 addresses, which belong to or- 
ganizations rather than a physical lo- 
cation, NSAP addresses describe the 
physical locations at which a network 
is attached to the Internet. (For more 
information about the NSAP address- 
ing protocol, download RFC 941 from 
http://www. ietf.cnri.reston.va.us/rfc/ 
rfc0941.txt.) 


Unassigned Address 

According to RFC 2373, the IPv6é 
addresses to which format prefixes have 
been assigned—including unicast, any- 
cast, multicast, and reserved addresses— 
account for only 15 percent of the total 
number of addresses available. The IETF 
has not assigned format prefixes to the 
remaining 85 percent of addresses. These 
unassigned addresses are set aside for 
future use. 


HIERARCHICAL ADDRESSING 

The bits following the format prefix 
in an IPv6 address contain information 
that allows [Pv6 addresses to be routed 
hierarchically, just as country codes and 
area codes allow telephone calls to be 
routed hierarchically. For example, the 
bits following the format prefix of unicast 
addresses-are divided among the follow- 
ing hierarchically structured identifiers: 
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© Top-Level Aggregation Identifiers 
(TLA IDs) 

© Next-Level Aggregation (NLA) IDs 

© Site-Level Aggregation (SLA) IDs 

e Interface IDs 


TLA IDs function much as country 
codes function within the telecommuni- 
cation system. Similarly, NLA IDs func- 
tion much as area codes function, SLA 
IDs function much as local zone codes 
function, and Interface IDs function 
much as the digits that identify individ- 
ual telephone numbers. 

This hierarchical design significantly 
reduces the number of entries routing 
tables must contain. For example, TLA 
routers need to know only the addresses 
of the other TLA routers on the Internet 
and of the NLA routers beneath them. 
(See Figure 1.) In contrast, 1Pv4 class- 
based addressing (without CIDR) requires 
top-level routers to have entries for every 
network on the Internet. 


TLA IDs 

The thirteen bits that follow the format 
prefix of unicast addresses contain the 
TLA ID. Representing 8,192 available ad- 
dresses, these thirteen bits are assigned by 
Internet Assigned Numbers Authority 
(IANA) designated registries. The TLA 
ID is used to identify the relatively small 
number of large, long-haul backbone pro- 
viders (such as AT&T) that exist world- 
wide. (For more information about the 
criteria for assigning TLA ID addresses, 
download the IETF draft “Proposed TLA 
and NLA Assignment Rules” from http:// 
www.6bone.net/tla-assign-05.txt.) 

The eight bits that follow the TLA ID 


space are reserved either for TLA expan- 


sion or to add to the number of addresses 
in the 24-bit space that follows this eight- 
bit reserved segment. 


NLA IDs 

The 24-bit space that follows the 
eight-bit reserved segment contains the 
NLA ID. The NLA ID is used to iden- 
tify the service providers whose networks 
are attached to TLA networks. Each 
IPv6 provider is responsible for assigning 
the next-lower addressing sequences. 
Therefore, TLA providers are responsi- 
ble for assigning the 8,388,608 NLA ad- 
dresses available within the 24-bit NLA 
ID space. 


SLA IDs 

The NLA providers, in turn, assign 
single addresses or blocks of addresses to 
individuals and companies from the 16-bit 
SLA ID address space that follows the 
NLA ID space. NLA providers can also 
subdivide their own 24-bit address alloca- 
tion. They can then assign blocks of ad- 
dress space to smaller service providers. In 
addition, NLA providers can allocate part 
of their 24-bit address space to large or- 
ganizations, such as government organiza- 
tions, that require more than the 65,535 
addresses available within the 16-bit SLA 
ID space. 

Finally, companies that are assigned 
blocks of SLA ID addresses are responsible 
for assigning those addresses to networks 
and subnetworks within their organiza- 
tions. IPv6 subnet prefixes are allocated 
out of the SLA address space. As with 
IPv4 subnet prefixes, [Pv6 subnet prefixes 
are associated with one link. Unlike IPv4, 
however, IPv6 allows you to assign mul- 
tiple subnet prefixes to any given link. For 
example, the subnet prefix in a link’s any- 
cast address may be just one of the subnet 
prefixes that identifies that link. 


Interface IDs 

The last 64 bits of the IPv6 128-bit 
address space are called the Interface ID. 
In IPv4, each host is assigned a unique 
number out of the total number of host 
addresses available within a given class- 
based address. In IPv6, on the other hand, 
interface addresses are assigned according 
to either the new Institute of Electrical 
and Electronics Engineers (IEEE) Equip- 
ment Identifier (EUI) 64 identifier or the 
old IEEE EUI-48 identifier. (EUI identi- 
fiers are also known as Medium Access 


Control [MAC] addresses.) 
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EXTENSION HEADERS 

To further enhance router performance, 
IPv6 transfers the functions available 
through the IPv4 options field to separate 
IPv6 headers, called extension headers. The 
IPv4 options field presents options to rout- 
ers in a single, variable-length field. In 
contrast, [Pv6 extension headers present 


IPv4 Packet Header 
IHL (4 Bits) Type of Service (8 Bits) 
Flags (4 Bits) 
Protocol (8 Bits) 
Source Address (32 Bits) 


Destination Address (32 Bits) 
Padding (variable) 


IP Version Number (4) 


Total Length (16 Bits) 


Fragment Offset (12 Bits) 
Header Checksum (16 Bits) 


Identification (16 Bits) 
Time to Live (8 Bits) 


Options (variable) 


IPv6 Packet Header 


IP Version Number (6) 


Traffic Class (8 Bits) 


Flow Label (20 Bits) 


Payload Length (16 bits) 


Next Header (8 Bits) 


Hop Limit (8 Bits) 


Source Address (128 Bits) 


Destination Address (128 Bits) 


IPv6 Packet Structure 


<nnnnnnnnnn nanan -- Encrypted---------------------- 
IPv6 Hop-by-Hop AH ESP Extension | Transport Header Payload 
Header | Extension Header | Header | Header (TCP etc.) y 


Figure 2. IPv6 significantly reduces and standardizes the number of fields in packet headers 


from the IPv4 format. 


The new IEEE EUI-64 format is a 64- 
bit series of numbers. The first 24 bits in 
an EUI-64 number identify the manufac- 
turer of a particular interface, and the 
last 40 bits identify the device itself. 

For example, the first 24 bits of a 
router’s EUI-64 identifier identify the 
company that manufactured the router 
(such as Cisco). The IEEE assigns 24-bit 
manufacturer numbers, and the manu- 
facturer then assigns the following 40 
bits of the router’s EUI-64 identifier. (For 
more information about EUI-64 identi- 
fiers, download http://www.standards. 
ieee.org/regauth/oui/tutorials/EUI64. 
html. For information on creating EUI 
identifiers for IPv6, download RFC 2373, 
Appendix A at http://ietf-org/rfc/ 
rfc2373.txt.) 


FIXED-LENGTH HEADERS 

Implementing a hierarchical address- 
ing structure is just one way that IPv6 
simplifies routing. Unlike [Pv4, which 
uses variable-length packet headers, IPv6 
uses fixed-length packet headers of 40 
bytes. These fixed-length headers allow 
routers to parse packets more efficiently. 

IPv6 further simplifies routing require- 
ments by using a smaller number of head- 
er fields. [Pv4 packet headers contain 14 
fields; [Pv6 packet headers contain only 
eight fields. (See Figure 2.) 

Since IPv6 packets have fixed-length 
headers, the old IPv4 header length field 
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is obviously no longer needed. Other 
eliminated IPv4 fields include the frag- 
ment offset, identification, flags, and 
header checksum fields. 

The most significant deletion is the 
IPv4 header checksum field, which con- 
tains a computation based on the total 
number of bits in each particular IPv4 
header. Each time a router receives an 
IPv4 packet, the router recomputes the 
number of bits the header contains. 

The router then checks its computa- 
tion against the computation contained 
in the IPv4 header checksum field. If 
these two computations are identical, 
the data contained in the IPv4 header is 
most likely uncorrupted. In this case, the 
router forwards the packet. If the two 
computations are not identical, the rout- 
er assumes the IPv4 packet is corrupted 
and discards it. 

According to the IAB’s Internet draft 
titled “The Case for IPv6,” the IPv4 head- 
er checksum field is an unnecessary field 
that “has caused reduced performance in 
today’s Internet.” Because corrupted pack- 
ets can be detected at both the data-link 
layer of the Open Systems Interconnec- 
tion (OSI) model and the transport layer 
of the OSI model, routers do not need to 
check for bad packet headers. Any bad 
packets the data-link layer misses, the 
transport layer will catch. (You can down- 
load “The Case for IPv6” from http:// 


www.6bone.net/case-for-ipv6.txt.) 


selected options to routers in separate 
header fields, allowing routers to process 
the packets more efficiently. 

IPv6 extension headers follow the 
primary (40-byte) header and precede 
the protocol header and the payload 
fields in IPv6 packets. (The payload 
fields contain the data packet being 
transmitted. Normally, IPv6 payload 
fields can accommodate up to 64 KB of 
data. See Figure 2.) Each extension head- 
er ends with a “next header” field that 
indicates whether the field following the 
extension header contains another ex- 
tension header, the protocol header, or 
the payload field. (For a complete list of 
currently approved IPv6 extension head- 
ers, see “The Case for IPv6.”) 

The IETF has defined a variety of ex- 
tension headers, including the following: 


¢ Hop-by-hop extension header 

e Authentication extension header 

¢ Encapsulating Security Protocol (ESP) 
extension header 

e [PX-in-IP extension header 


Hop-by-Hop Extension Header 

Because hop-by-hop extension head- 
ers are read by every router in an IPv6 
packet’s forwarding path, this extension 
header must be placed directly behind 
the primary IPv6 header. The hop-by- 
hop extension header has several uses. 
For example, this extension headers 
allows you to use the Router Alert op- 
tion, which instructs all routers in an 
IPv6 packet’s forwarding path to inter- 
cept and parse the contents of the en- 
tire packet. 

You can choose this option if you are 
sending a Resource Reservation Protocol 
(RSVP) packet. RSVP instructs routers 
to reserve the network resources—such 
as maximum bandwidth or maximum de- 
lay—that are necessary to support band- 
width-intensive packets, such as those 
containing audio and video data, or delay- 
sensitive packets, such as real-time com- 
munications. (For more information 
about RSVP, visit http://www.micom. 
com/WhitePapers/rsvp/wprsvpte.htm.) 
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The hop-by-hop extension header also 
allows you to use the Jumbogram option. 
The Jumbogram option allows you to send 
packets that contain payloads larger than 
the 64 kilobyte payload normally allowed 
in IPv6 packets. (For more information 
about the hop-by-hop Jumbogram option, 
visit http://ietf.org/internet-drafts/draft-ietf- 
ipngwg-jumbograms-00.txt.) 

In addition, the hop-by-hop extension 
header provides Quality-of-Service (QoS) 
features. A protocol can then request the 
specific capabilities it needs to perform its 
functions from the IP network on which 
the protocol is operating. 


Authentication Extension Header 

IPv6 headers also provide enhanced 
security. Two of IPv6’s header extensions, 
the Authentication Header (AH) and 
the Encapsulating Security Protocol (ESP) 
Header, work either together or separate- 
ly to keep data packets secure as they 
travel across your company’s network or 
the Internet. 

The IPv6 AH extension header uses 
secret keys to authenticate the source of 
the packets you receive via hosts on your 
company’s network or on the Internet. 
These secret keys are strings of alphanu- 
meric characters that you configure au- 
thorized network hosts to recognize. 

To prevent spoofing on your com- 
pany’s network, you can configure net- 
work hosts to recognize a secret key. You 
can then use an IPv6 AH extension 
header that uses this secret key to ensure 
that the information contained in IPv6 
packets, such as requests for access to 
network resources, is from an authorized 
source. (Spoofing is the practice of con- 
figuring an unauthorized host to imper- 
sonate an authorized host to gain access 
to resources such as your company’s con- 
fidential databases.) 

The AH extension header also uses 
the secret key and the entire contents of 
the IPv6 packet to create a message digest. 
A message digest is a mathematical func- 
tion (such as [Pv6-approved Message Di- 
gest version 5 algorithm [MD5]) that 
represents the entire contents of a data 
packet as a single number. 

This number is transmitted with the 
data packet. The message digest is recom- 
puted by the host that receives the data 
packet. If the two message digest numbers 
are identical, the receiver can be reason- 
ably sure that the data contained in the 
packet is uncorrupted. 
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The IPv6 AH extension header can 
protect your network from spoofing and 
from attempts to modify the data you re- 
ceive. However, the IPv6 AH extension 
header cannot protect your company’s 
network from snooping, which is the prac- 
tice of unobtrusively reading the contents 
of data packets as they travel across the 
network or the Internet. 

Snooping can risk the security of your 
company’s most confidential data. To 
protect your company’s information from 
snooping devices as it travels over the 
network or over the Internet, you can im- 
plement the IPv6 ESP header extension. 


ESP Extension Header 

The ESP extension header increases 
the security of your company’s data by 
allowing you to use various encryption 
algorithms such as U.S. Data Encryption 
Standard (DES) in Cipher Block Chain- 
ing (CBC) mode and RC5. (DES-CBC 
is the [Pv6 default encryption algorithm. 
RC5 is an encryption algorithm that was 
developed by Ron Rivest of RSA Labora- 
tories Inc. For more information about 
DES-CBC, see “Securing IP,” SunWorld, 
June 1998. You can download this article 
at http://www.sunworld.com/swol-06-1998/ 
swol-06-ipsec.html. For more information 
about the RC5 encryption algorithm, 
visit http://www.uni-siegen.de/security/ 
krypto/rc5-rsainfo.txt.) 

You can use IPv6 ESP headers to send 
snoop-proof IPv6 packets in one of two 
modes: transport mode or tunneling mode. 
In transport mode, only the transport- 
layer header (for example, the TCP head- 
er) and the payload (the actual data 
being transmitted) are encrypted. In 
tunneling mode, a dummy IPv6 header 
that contains neither the packet’s source 
nor its destination address is placed in 
front of the ESP header, which in turn 
is placed in front of the original IPv6 
header. Everything behind the ESP 
header is encapsulated and encrypted. 
As a result, the entire contents of the 
original packet are hidden from packet- 
sniffing devices. 

For example, you can use the ESP tun- 
neling mode to create a security tunnel 
between the firewall at a remote site and 
the firewall at your company’s headquar- 
ters. After a packet transported in tunnel- 
ing mode is inside a firewall, the dummy 
IPv6 header and the leading ESP header 
are discarded. The entire original packet 
is then visible. 


Because all portions of the IPv6 pack- 
et that follow the ESP extension header 
are encapsulated and encrypted and, 
therefore, unavailable to routers, you 
must insert ESP extension headers with 
care. For example, you should never put 
an ESP extension header in front of a 
hop-by-hop extension header because 
the packet will not be parsed by each 
router along its destination path as you 
intend. Because the information behind 
the ESP extension header, including the 
hop-by-hop extension header, will be 
encrypted, routers cannot be signaled to 
provide options such as RSVP. (For more 
information about the recommended use 
of IPv6 extension headers, see “The 
Case for IPv6.”) 


IPX-in-IP Extension Header 

In addition to providing a way to 
transport confidential information via 
a security tunnel, [Pv6 provides a way to 
transport IPX packets via IPv6 tunnels. 
The IPX-in-IP header extension allows 
you to transport IPX packets by encap- 
sulating those packets within an IPv6 
packet. When the IPX packet reaches 
the destination IPX network, the en- 
capsulating IPv6 packet is discarded, 
and the IPX packet is visible to the 
IPX network. 


DISCOVERY AND AUTOMATIC 
ADDRESSING 

Autoconfiguration is one of the ob- 
vious advantages IPv6 has over IPv4. 
Autoconfiguration is a protocol that al- 
lows 1Pv6-enabled hosts to automatic- 
ally configure and reconfigure their 
IPv6 addresses. 

To automatically configure addresses, 
an IPv6-enabled host first configures an 
address for itself using a local network 
prefix and the host’s own link address. 
(A host’s link address is the physical ad- 
dress that identifies the host’s Ethernet, 
Token Ring, or LocalTalk controller 
board.) The host then uses a protocol 
called Neighbor Discovery to determine 
whether or not this link address is unique. 

IPv6 Neighbor Discovery is a function 
of Internet Control Message Protocol ver- 
sion 6 (ICMPv6), a protocol that provides 
services, such as error reporting, for proto- 
cols that operate at the network layer of 
the OSI model. Using Neighbor Discov- 
ery, a host on an IPv6 network can dis- 
cover whether or not its self-configured 
link address is unique: The host simply 
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Example: 


0:0:0:0:0:0:134.234.07.101 


Figure 3. To facilitate migration to an IPv6 
environment, IPv6 provides a way to em- 
bed IPv4 addresses within IPv6 addresses. 


sends an ICMP Neighbor Solicitation 
multicast message to all of the hosts on 
the local link. 

If the originating host receives no 
reply, its link address is unique. If an- 
other host on this local link recognizes 
the new self-configured link address as 
its own link address, this host sends the 
originating host an ICMP message called 
a Neighbor Advertisement message. The 
Neighbor Advertisement message in- 
forms the originating host that the new 
self-configured address is not unique. 
The originating host then configures 
another address and sends a new multi- 
cast Neighbor Discovery message to the 
hosts on the link. 

When the host finds a unique self- 
configured link address, the host then 
sends another Neighbor Discovery multi- 
cast message that includes the host’s offi- 
cial link address as a source address. How- 
ever, rather than sending a message to all 
of the hosts on its local link, the host 
sends the message to the router that con- 
nects that link to other network links. 

When an [Pv6-enabled router receives 
a Neighbor Discovery message from a host, 
the router sends that host a unicast mes- 
sage called a router advertisement. A router 
advertisement includes information such 
as a valid range of addresses for the sub- 
net to which the router and host are at- 
tached. The router also tells the host 
whether it must use stateful or stateless 
autoconfiguration. 

Stateful configuration requires a 
Dynamic Host Configuration Protocol 
(DHCP) server to assign an IPv6 address 
to the host. If the router instructs the host 
to use stateful autoconfiguration, the host 
contacts a DHCP server with a request for 
a valid IPv6 address. DHCP servers assign 
valid IPv6 addresses dynamically—that 
is, each time a host makes a request, the 
DHCP server assigns the host IPv6 ad- 
dresses from a pool of IPv6 addresses. 
(For more information about how DHCP 
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works in an IPv4 environment, see “NDS 
and DHCP: Configuring DHCP for a 
Complex Environment” on p. 18. You can 
also download RFC 2131 at http://ietf-org/ 
rfc/rfc2131.txt.) 

If the router instructs the host to use 
stateless autoconfiguration, the host uses 
information contained in the router’s ad- 
vertisement to generate its own address. 
This router-supplied information includes 
the numbers of the subnets associated 
with the host’s link. The host then uses 
its own EUI-64 identifier to generate an 
interface ID for itself. Finally, the host 
appends the interface ID it generates to 
the subnet information supplied by the 
router. (For more information about 
stateless autoconfiguration, see RFC 
2462 at http://ietf.org/rfc/rfc2462.txt.) 

Autoconfiguration allows your com- 
pany to change service providers without 
having to manually reconfigure addresses 
for every node on your company’s net- 
work. Naturally, the bigger your company’s 
network, the more time and money ad- 
dress autoconfiguration can save. 

Address autoconfiguration also makes 
using roaming mobile hosts, such as your 
laptop or Internet-enabled cellular tele- 
phone, easier. Using autoconfiguration, 

a roaming mobile host can configure a 
valid IPv6 address for itself, regardless of 
the network to which it is temporarily 
attached. Using this current, temporary 
IPv6 address, the roaming mobile host 
can then ask a router on its home net- 
work (called a home agent) to forward 
packets to this newly configured address. 
In fact, technologies such as roaming 
mobile hosts may prove to be the push 
that starts the IPv6 ball rolling. 


IT’S NEVER TOO EARLY TO 
MAKE A PLAN 

There are a few good reasons why IPv6 
is not already in wide use on the Internet. 
First, protocols such as Network Address 
Translation (NAT), DHCP, and CIDR 
have temporarily eased concerns about 
the scarcity of remaining IPv4 addresses. 
Thanks to these address-saving protocols, 
there are still 1.6 billion unallocated IPv4 
addresses. (NAT allows you to make the 
most of hard-to-get publicly assigned 
Internet address assignments by mapping 
the privately assigned IPv4 addresses 
you’ve given to hosts on your intranet to 
the publicly assigned IP address of a proxy 
server that interacts with the Internet. 
This proxy server then makes Internet 


connections on behalf of the non-pub- 
lically assigned addresses behind it.) 

Second, the change from IPv4 to IPv6 
will entail upgrading everything from the 
government-owned Domain Name Sys- 
tem (DNS) servers at the Internet’s back- 
bone to the routers that deliver packets 
from one subnetwork to another. (DNS 
servers map domain names to their In- 
ternet-unique addresses, a process that 
enables routers and switches to deliver 
packets to the appropriate network.) 

Despite the arguments for sticking 
with [Pv4, it’s only a matter of time be- 
fore IPv4’s limitations make change ne- 
cessary. In other words, the question isn’t 
whether or not to upgrade your company’s 
network to accommodate [Pv6, but when 
and how you should upgrade your com- 
pany’s network. 


Wait and Hurry Up 

Since time-frame estimates for [Pv6's 
widespread adoption range from two or 
three years (see “Light at the end of the 
IPv6 tunnel,” PC Week, Jan. 26, 1998) to 
as long as a decade (see “From the Ether”), 
you should have sufficient time to deter- 
mine the best way to upgrade your com- 
pany’s network from IPv4 to IPv6. Your 
choices for managing this upgrade are 
simple: You can wait until the majority of 
Internet components (such as the DNS 
servers that sit on the Internet backbone 
and your Internet Service Provider’s 
[ISP’s] equipment) are [Pv6-enabled and 
then upgrade to I[Pv6 all at once, or you 
can migrate to I[Pv6 gradually. 

If you opt to wait until nearly every- 
one on the Internet (including your ISP) 
has upgraded to IPv6, you will probably 
need to purchase a great deal of IPv6- 
enabled hardware and software all at 
once. You will need to replace non-IPv6 
compatible routers, switches, operating 
systems, and applications. Obviously, the 
more extensive your company’s network, 
the greater the costs will be, both in 
terms of purchasing necessary equipment 
and software and in the time and effort it 
takes to implement this new equipment. 

Although a total network overhaul 
may prove to be unwieldy for large com- 
panies with complicated networks, small 
companies may benefit from this wait- 
and-see approach. One of the most com- 
pelling advantages of waiting to upgrade 
your company’s network is that many IT 
companies are also taking a wait-and- 
see approach. 


According to “Spreading the IPv6 
Gospel: A Tall Order” (PC Week, Nov. 
16, 1998), the IPv6 stacks that are 
currently available for routers and 
operating systems are “still in devel- 
opment phases.” This article goes on 
to predict that IT companies will 
iron out the kinks in currently 
available [Pv6-enabled prod- 
ucts such as routers and oper- 
ating systems within the next 
few years. 

However, whether or 
not you choose to wait 
until IT companies iron 
out all the kinks in IPv6- 
enabled products, the 
sooner you become fa- 
miliar with IPv6 in general, the less 
stress this migration will cause in the 
long run. In fact, since IPv6-literate net- 
work consultants and programmers will 
almost certainly be in high demand 
when it becomes necessary to migrate to 
IPv6—and will therefore demand high 
prices for their services—having an IT 
staff that is familiar with IPv6 could save 
your company money and headaches. 


Proceed With Caution 

If you decide to migrate to IPv6 grad- 
ually, you’ll have the luxury of learning 
IPv6 gradually. In addition, a gradual 
migration may eliminate late nights of 
trying to get your company’s network up 
and running to meet either a self-imposed 
or an externally imposed deadline. 

However, making a gradual transition 
to IPv6 will probably not be painless al- 
though IPvé6’s designers have worked hard 
to make migrating to IPv6 as easy as pos- 
sible. For example, early versions of [Pv6- 
enabled hosts and routers will use both an 
IPv4 stack and an IPv6 stack. These dual 
stacks will allow you the flexibility to 
upgrade your network piece-by-piece. 

You may put an [Pv6-enabled router 
on one subnetwork and an [Pv6-enabled 
host on an entirely different subnetwork. 
In this case, the IPv6-enabled router will 
process both IPv4 and IPv6 packets, en- 
abling IPv4 traffic to flow freely through- 
out your company’s network. The IPv6- 
enabled host will also process both IPv6 
and IPv4 packets, ensuring that IPv4 
packets addressed to this host are not 
discarded. However, IPv4 hosts on your 
company’s network will not be able to 
process IPv6 packets, and you will need 
an IPv6-enabled DNS server to send or 


receive IPv6 packets over the Internet. 
(For more information about implement- 
ing IPv6-enabled DNS servers, see “The 
Case for IPv6.”) 
The designers of IPv6 have further 
facilitated the transition from [Pv4 
» through a process called I[Pv6 over 
w. IPv4 tunneling. With IPv6 over 
| IPv4 tunneling, IPv6 packets 
» can reach [Pv6-enabled hosts 
— via IPv4-only networks. For 
example, if isolated [Pv6 hosts 
need to communicate with one 
another over an IPv4 network, an [Pv6- 
enabled router on one host’s side of the 
network can encapsulate IPv6 packets 
and readdress them as IPv4 packets. 

These readdressed packets are then 
able to traverse an IPv4 network as ordi- 
nary IPv4 packets do. When the IPv6 
packets reach their destination, another 
IPv6-enabled router removes their [Pv4 
addresses and forwards them to the IPv6- 
enabled host to which they were original- 
ly addressed. 

IPv6 also provides a standard to em- 
bed your company’s IPv4 addresses in 
an IPv6 address. You can then continue 
to use the addresses already configured 
for your company’s network until the 
transition to IPv6 has progressed and 
your company’s network can readdress 
itself through autoconfiguration. You 
can embed an IPv4 address in an IPv6 
address by setting all of the bits in the 
IPv6 address to zero, with the exception 
of the last 32 bits, which comprise the 
32 bits of the original IPv4 address. (See 
Figure 3.) 

If you embed your company’s IPv4 ad- 
dresses in IPv6 addresses until the transi- 
tion to IPv6 is nearly completed, you 
will forgo the benefits of using standard 
IPv6 addresses. However, you will also 
avoid the necessity of manually defining 
the IPv4-to-IPv6 mapping procedures 
that tell your company’s [Pv6-enabled 
routers how to tunnel IPv6 packets over 
IPv4 networks. Instead, these [Pv6- 
enabled routers can automatically tun- 
nel IPv6 packets by converting the 128- 
bit IPv6 address to a 32-bit IPv4 address 


and vice versa. 


CONCLUSION 

Critics of early migration to IPv6 cite 
the lack of refinement in currently avail- 
able IPv6 protocol stacks as one reason 


to adopt a wait-and-see attitude. (See 
“Spreading the I[Pv6 Gospel: A Tall Or- 


der.”) Advocates of IPv6 see the avail- 
ability of free [Pv6 protocol downloads 
as the logical starting point. (For ex- 
ample, you can download Cisco [Pv6 
beta software at http://www.cisco.com/ 
warp/public/732/ipv6/download.html.) 
Despite these diverse opinions, the 
widespread deployment of I[Pv6 may be 
closer than you think: Out of 20 respond- 
ents to a recent Cutter Information Corp. 
survey on IPv6 awareness, more than 50 
percent were aware of IPv6. Furthermore, 
nearly 25 percent of these respondents 
reported that they plan to test [Pv6 on 
their company’s networks this year. (For 
more information about this survey, see 
Cutter Information Corp.’s Corporate 
Internet Strategies, Sept. 1998. You can 
also visit http://www.cutter.com/cis/ 
cistoc.htm.) However, only you can 
decide how soon your company should 
begin the transition to the I[Pv6 format. 
Chery! Walton is a writer for Niche 
Associates, an agency that specializes in edit- 
ing and writing technical documents. Niche 
Associates is based in Sandy, Utah. @ 
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Configuring DHCP for a 
Complex Environment 


ynamic Host Configuration Protocol (DHCP) is a TCP/IP 

service that simplifies the configuration of TCP/IP network 
clients. Because DHCP dynamically assigns IP addresses and 
client configuration parameters, you do not have to assign and 
track IP addresses manually. This article is the second in a two- 
part series that explains how to implement the DHCP service in 
NetWare 5. (See “NDS and DHCP: Configuring the DHCP Ser- 
vice in NetWare 5,” NetWare Connection, Apr. 1999, pp. 18-26. 
You can download this article from http://www.nwconnection. 
com/apr.99/dhcp49.) The first article explained how DHCP works 
and outlined how to set up a basic NetWare 5 DHCP service. 
The second article explains the following: 


¢ How to release and renew leases on Windows NT, 98, and 
95 clients 

¢ How to troubleshoot DHCP operations 

¢ How to manage IP Address objects 

¢ How to use Dynamic Domain Naming System (DNS), which 
enables DHCP to add and remove IP address mappings to the 
DNS database as leases are allocated and cancelled 

© How to use Subnet Pool objects to enable DHCP to function 
on a virtual LAN 

¢ How to use DHCP to configure various client parameters 


RENEWING AND RELEASING CLIENT LEASES 

In most cases, the Windows TCP/IP protocol stack automati- 
cally takes care of DHCP lease operations in the background. 
However, you may need to check a client’s DHCP configuration 
or force a client to release its lease or to lease a new IP address. 
For example, if you move a client to a new subnet and the client 
persists in using its old IP address, you may need to manually fix 
the problem. 

Windows 98 and 95 include the WINIPCFG utility, a GUI 
TCP/IP configuration utility, which you execute by running 
WINIPCFG.EXE at the Run prompt or in a command prompt 
window. Figure 1 shows the WINIPCFG utility after the More 
Info button has been clicked and the DHCP-related data is dis- 
played. (See p. 20.) 

If the client has an active DHCP lease, the WINIPCEFG utility 
reports the lease parameters, including the IP address of the 
DHCP server that granted the lease, the time when the lease was 
obtained, and when the lease expires. If the client does not have 
a lease, these fields are blank, and the IP address is 0.0.0.0. If the 
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client has multiple network interfaces (such as dial-up Point-to- 
Point Protocol [PPP] connections), you must select the LAN 
interface in the pull-down list of adapters. 

You can use the WINIPCFG utility to perform two operations: 


© You can click the Renew button to request a new lease or to 
renew an existing lease. 

e You can click the Release button to cancel the current lease. 
The client then enters an unbound state and cannot communi- 
cate via TCP/IP until a new lease is obtained. The client trans- 
mits a DHCPRELEASE message to the DHCP server that 
granted its current lease. If the DHCP server receives this mes- 
sage, the server removes the associated IP Address object from 
its database and returns the IP address to the list of available 
addresses. 


If the client has more than one LAN interface, you can use the 
Renew All or Release All buttons to perform the associated oper- 
ation for all interfaces. However, you cannot use the WINIPCFG 
utility to affect an IP address that is not assigned via DHCP. For 
example, if a dial-up service assigned an IP address to a PPP in- 
terface, the address was not obtained through DHCP, and you 
cannot affect that IP address. 

Windows NT includes the IPCONFIG utility, a command-line 
utility. (A GUI IPCONFIG utility is available in the Windows 
NT 4.0 Resource Kit.) If you enter a simple IPCONFIG com- 
mand in a command prompt window, the utility reports only the 
basic client address configuration, including the IP address, subnet 
mask, and default gateway (router). You can use the following 
command options to manage the DHCP configuration: 


¢ IPCONFIG /ALL generates a detailed report of the client’s net- 
work configuration parameters. You use this option to find out 
which DHCP server granted the client’s current lease, when the 
lease was granted, and when it will expire. 

e IPCONFIG /RENEW attempts to renew the client’s lease if one 


is in force or to obtain a lease if the client does not have one. 


e IPCONFIG /RELEASE sends a DHCPRELEASE message to 
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Figure 1. You can use the WINIPCFG 
utility on Windows 98 and 95 clients to view 
the status of DHCP leases and to release and 
renew leases. 


the DHCP server that granted the 
client’s current lease and cancels the 
client’s use of the lease. 


By default, the /RELEASE and /RE- 
NEW options affect all LAN interfaces on 
the client. You can release or renew the 
lease for only one interface by including 
the interface name in the IPCONFIG 


command, as shown below: 
IPCONFIG /RELEASE E100B1 


To learn the names of the LAN inter- 
faces, examine the output for the IPCON- 
FIG /ALL command. 


TROUBLESHOOTING DHCP 

Although a properly configured DHCP 
service should operate with little difficulty, 
problems can occur. You can use several 
diagnostic tools to manage DHCP. For 
example, you can use the DHCP debug 
screen on the DHCP server. To activate 
the debug screen, load the DHCPSRVR 
NetWare Loadable Module (NLM) with 
the -D1 parameter: 


LOAD DHCPSRVR -D1 


You cannot load the DHCPSRVR 
NLM te-entrantly. To change its opera- 
tional settings, you must unload and reload 
the NLM. 

After loading the DHCPSRVR NLM 
with the -D1 parameter, you can display 
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the DHCP debug screen by pressing the 
Control-Escape keys and selecting the de- 
bug screen from the Current Screens list. 
Because log maintenance consumes server 
processing power, you should enable debug 
logging only during the initial testing of 
the DHCP service and when you are trou- 
bleshooting problems. 

If you use the -D1 parameter, the 
DHCP debug screen reports every packet 
exchanged between the DHCP server and 
client. For example, suppose that DHCP 
clients cannot obtain leases. If you activate 
the DHCP debug screen, you can deter- 
mine whether or not the DHCP server 
is receiving DHCPDISCOVER packets 
from DHCP clients. If these packets are 
not reaching the DHCP server, one of the 
following problems may have occurred: 


e The client is misconfigured. 
e The DHCP service is misconfigured. 
© Bootstrap Protocol (BOOTP) forward- 


ing isn’t enabled on intervening routers. 


You should check the client’s TCP/IP 
protocol stack to verify that the client is 
configured to obtain its IP address from 
DHCP. (For more information about con- 
figuring Windows NT, 98, and 95 clients to 
use DHCP, see “NDS and DHCP: Con- 
figuring the DHCP Service in NetWare 
5,” NetWare Connection.) If the client is 
configured properly, use the WINIPCFG 
or IPCONFIG utility to attempt to renew 
an IP address. Then examine the DHCP 
debug screen to determine whether or not 
the DHCP server received the request. 

The DHCP service cannot grant leases 
unless it has leases to grant. You should 
verify that Subnet and Subnet Address 
Range objects have been created for the 
subnet on which the client resides and ex- 
amine any messages that result when the 
DHCPSRVR NLM is loaded. Although 
the DHCPSRVR NLM will load if Subnet 
Address Range objects have not been cre- 
ated for a subnet, this NLM will report an 
error. To force the DHCPSRVR NLM to 
recognize new or modified Subnet or Sub- 
net Address Range objects, you must un- 
load and reload this NLM (or use the 
DNS/DHCP Management Console to 
pause and restart the DHCP service). 

As the last issue of NetWare Connec- 
tion explained, you must enable BOOTP 
forwarding on any routers that separate 
DHCP clients from their DHCP servers. If 
DHCPDISCOVER packets are not reach- 
ing the DHCP server, check the configura- 


tions of the intervening routers. Also, if 
TCP/IP packet filtering is in effect, ensure 
that the router does not filter out packets 
for User-Datagram Protocol (UDP) ports 
67 and 68 (decimal), which are used for 
the BOOTP and DHCP services. You may 
want to use a protocol analyzer such as 
Novell’s LANalyzer for Windows to exam- 
ine packets on both sides of the router. 


MANAGING IP ADDRESS OBJECTS 

Although Subnet and Subnet Address 
Range objects provide the infrastructure 
for the NetWare 5 DHCP service, IP Ad- 
dress objects do most of the work. There 
are three types of IP Address objects: 


e Dynamic. The DHCP service creates a 
dynamic IP Address object to keep track 
of each client lease. 

¢ Manual. You can create static IP Ad- 

dress objects that assign particular IP ad- 

dresses to specific clients. These clients 
are identified by a unique characteris- 
tic—usually their Media Access Control 

(MAC), or network hardware, addresses. 

Exclusion. Exclusion IP Address objects 

mark specific IP addresses as unavailable 

for assignment. The DNS/DHCP Man- 
agement Console automatically creates 
some exclusion IP Address objects to 
prevent DHCP from assigning illegal ad- 
dresses. You may need to create exclu- 
sion IP Address objects if you do not 
want specific IP addresses in a dynamic 
address range to be assigned. 


Figure 2 shows the Addressing tab for 
an IP Address object in the DNS/DHCP 
Management Console. (See p. 22.) Be- 
cause Figure 2 shows a manual IP Address 
object, all of the fields are active. When 
dynamic and exclusion IP Address objects 
are displayed, some fields appear but are 
colored gray to indicate that they are inac- 
tive. All dynamic IP Address objects are 
created by the DHCP service, and you 
cannot modify the information shown. 

It is easier to discuss the fields in the 
following order, rather than the order in 
which they appear on the Addressing tab: 


e IP Address. This field reports the IP ad- 
dress that is associated with the object. 
(This field is active for all IP Address 
objects.) 

¢ MAC Address. DHCP clients are 
typically identified by their MAC ad- 
dresses. (This field is active for dynamic 
and manual IP Address objects.) 


MAC Type. This field identifies the 
type of network that the client is con- 
nected to. DHCP packets include a 
hardware address type field that identi- 
fies the type of network the client is at- 
tached to. For example, MAC type 1 is 
associated with a 10 MB Ethernet net- 
work. (This field is active for dynamic 
and manual IP Address objects.) 

Client Identifier. A client identifier can 
be used to identify DHCP clients. The 
DHCP service generates a client identi- 
fier by appending the client’s MAC type 
to its MAC address. Although Windows 
NT, 98, and 95 clients are identified by 
their MAC addresses, the client identi- 
fier may be useful for configuring other 
types of clients that are not covered in 
these articles. 

Hostname. DHCP options enable cli- 
ents to send information to the DHCP 
server and to obtain configuration pa- 
rameters from the DHCP service. The 
client can use the Hostname option to 
report its name to the DHCP service, 

or the DHCP service can use this option 
to assign a name to the client. If the 
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DHCP service receives a hostname from 
the client, this hostname is recorded in 
the Hostname field of the client’s IP 
Address object. Windows NT, 98, and 
95 clients include their NetBIOS names 
in the Hostname option. You can also 
enable automatic hostname generation, 
a feature that is discussed later in this 
article. (This field is active for dynamic 
and manual IP Address objects.) 

Enable DNS RR Entry Updates. You 
should select this field if you want to en- 
able Dynamic DNS updates for a manu- 
al IP Address object. (This field is active 
only for manual IP Address objects.) 
Associated NDS Object. You can use 
this field to document the relationship 
between a manual IP Address object 
and a Novell Directory Services (NDS) 
object that is associated with the de- 
vice that receives its IP address from 
the manual IP Address object. (This 
field is active only for manual IP Ad- 
dress objects.) 

Comments. You can use this field to 
document the purpose and history of a 
manual or exclusion IP Address object. 


The following sections discuss the char- 
acteristics of the IP Address objects. 


Dynamic IP Address Objects 

The Addressing tab for a dynamic IP 
Address object reports the IP Address that 
is assigned to the lease and the client iden- 
tifier that is assigned to the client. This tab 
also reports the client’s MAC address, 
MAC type, and hostname. 

The Usage tab for a dynamic IP Ad- 
dress object reports whether the client 
lease is permanent or timed. If the lease is 
timed, the Usage tab reports the date and 
the time the lease expires. 

You cannot modify the information on 
the Usage tab. To define the lease expira- 
tion properties, you use the Subnet Op- 
tions tab for the Subnet object associated 
with the IP address. 

You can do very little to affect a DHCP 
lease from the server side. Although you 
can delete the IP Address object associated 
with a lease, this action can create prob- 
lems because the client can continue to 
use the IP address until the Tl or T2 in- 
terval occurs. At that time, the client will 
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Figure 2. The Addressing tab for an IP Address object 


attempt to renew the lease. (For more in- 
formation about the process of requesting 
leases, see “NDS and DHCP: Configuring 
the DHCP Service in NetWare 5,” Net- 
Ware Connection.) Only then will the cli- 
ent discover that the lease has been lost. 

However, if you delete a dynamic IP 
Address object for an active lease, the IP 
address is immediately available for re- 
assignment. The DHCP server can then 
offer the IP address to a new client. Since 
the old client is still using the IP address, 
communication errors can occur. 

In practice, a Windows client generates 
an Address Resolution Protocol (ARP) 
request to determine whether the IP ad- 
dress the client has been assigned is being 
used by another device. If the client dis- 
covers a conflict, it will not bind IP to an 
IP address that is already being used. How- 
ever, some clients will not attempt to ob- 
tain a different DHCP lease and will dis- 
play an error message that requires user 
intervention. (This behavior can be elimi- 
nated by applying the Winsock 2 patch to 
Windows NT, 98, and 95 clients. The cli- 
ent can then discover an IP address con- 
flict, send a DHCPDECLINE message, 
and try to obtain a different IP address.) 

Unfortunately, DHCP will continue to 
offer this same IP address in response to 
subsequent DHCP client requests. Until 
you force the client that owns the lease to 
release the IP address, new clients will 
have difficulty obtaining a functional IP 
address. Before you delete an IP Address 
object, you should force the client associ- 
ated with that object to release its lease. 


Manual IP Address Objects 

In addition to obtaining an IP address 
from DHCP, clients can obtain a variety of 
configuration parameters, called DHCP 
options. For example, suppose that you 
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need to change the address of the default 
router on a subnet. Without DHCP, you 
must visit each IP device and manually 
edit its default router parameter. 

With DHCP, you can simply make the 
change on the DHCP server. Clients that 
lease their IP addresses will obtain the 
change the next time they renew their 
leases. Only clients that do not lease an IP 
address require manual intervention. 

Because dynamic IP addresses are dy- 
namic, you cannot be certain that a client 
will have the same IP address from one 
week to the next. However, some devices 
require fixed IP addresses. For example, 
DNS servers must have fixed IP addresses 
so clients can include these IP addresses in 
their configuration. Manual IP address ob- 
jects enable you to use DHCP to configure 
devices that require fixed IP addresses. 

To create a DHCP object, you must be 
logged in with a user account that has the 
Create right for the container object in 
which the DHCP object will be placed. To 
create a manual IP Address object, use the 
DNS/DHCP Management Console to 
complete the following steps: 


1. Select the DHCP Service tab. 

2. In the object tree on the left side of the 
DNS/DHCP Management Console, se- 
lect the Subnet object for the subnet 
that contains the IP address you want 
to define. 

3. Click the Create button in the toolbar. 

4. In the Create New DHCP Record dia- 
log box, select IP Address, and click the 
OK button. 

5. The Create IP Address dialog box ap- 
pears. Select Manual in the Assignment 
Type list box. The dialog box displays 
the fields shown in Figure 3. (See p. 24.) 

6. Complete the dialog box as follows: 

e IP Address. Enter the IP address to 


be assigned to the client. 

¢ Define Additional Properties. Check 
this box if you want to examine the 
detail parameters of the IP Address 
object after it is created. 

© Client Identifier. For Windows NT, 
98, and 95 clients, leave the default 
setting in this field. 

© MAC Type. In most cases, you can 
use the default setting, FF Any, for 
this field. The DHCP server then re- 
sponds to requests from DHCP clients 
on all types of physical networks. If 
desired, select the type of network to 
which the client is connected. 

e MAC Address. Enter the client’s 
MAC address using the format appro- 
priate for the type of network to 
which the client is attached. In most 
cases, the format consists of two-digit 
(16-bit) hexadecimal fields separated 
by colons. You can use the WINIP- 
CFG or IPCONFIG utility to deter- 
mine the MAC address of a Windows 
NT, 98, or 95 client. 


After you create the manual IP Address 
object, you can edit all of the detail pa- 
rameters, except the IP address. To change 
the IP address, you must delete the manual 
IP Address object and recreate it. 

Because a client does not learn of any 
changes until it renews its DHCP lease, 
you should avoid configuring manual IP 
Address objects with permanent leases. If 
the lease duration is permanent, the client 
will update its DHCP options only when 
the computer is restarted or when the lease 
is manually renewed. 


Exclusion IP Address Objects 

Some types of devices cannot function 
as DHCP clients. For example, at present 
all NetWare servers must be configured 
with static IP address parameters. In such 
cases, you should define exclusion IP Ad- 
dress objects that prevent these static IP 
addresses from being assigned to DHCP 
clients. A static IP address can be part of a 
range of dynamic addresses that is defined 
by a Subnet Address Range object. 

As mentioned earlier, the DNS/DHCP 
Management Console also automatically 
creates exclusion IP address objects to 
prevent the DHCP service from assigning 
prohibited IP addresses to clients. For ex- 
ample, the host ID part of an IP address 
cannot be all Os or all 1s. The DNS/DHCP 
Management Console creates exclusion 
IP Address objects to ensure that clients 
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Figure 3. You use this dialog box to define a manual IP Address object. 


cannot obtain these IP addresses. 

On the network 192.168.1.0 with the 
subnet mask 255.255.255.0, the DNS/ 
DHCP Management Console creates ex- 
clusion IP Address objects for 192.168.1.0 
and 192.168.1.255. The exclusion IP Ad- 
dress objects may appear under a Subnet 
Address Range object if the subnet address 
range includes the static IP address. 

To define an exclusion IP Address ob- 
ject, complete the following steps: 


— 


. In the object tree of the DNS/DHCP 
Management Console, select the Sub- 
net object for the subnet that contains 
the IP address you want to define. 

. Click the Create button in the toolbar. 

3. In the Create New DHCP Record dia- 
log box, select IP Address, and click the 
OK button. 

. The Create IP Address dialog box ap- 
pears. Select Exclusion in the Assign- 
ment Type list box. The dialog box 
adjusts to display the fields shown in 
Figure 3. 

. Enter the IP address in the IP Address 
fields, and click the OK button. 


i) 


aw 


Nn 


After you create an exclusion IP Ad- 
dress object, you can modify only the 
Comments field on the object’s details 
page. You should use this field to describe 
the purpose of the object. For example, 
you may identify the device that uses the 
IP address. (Interestingly, | have been un- 
able to convert an object that is created as 
an exclusion IP Address object to a manu- 
al IP address object, but I have successfully 
converted manual IP Address objects to 
exclusion IP Address objects and back.) 


SUPPORTING DYNAMIC DNS 

A relatively recent addition to the 
DNS and DHCP specifications, Dynamic 
DNS enhances the value of the DHCP 
service. Prior to Dynamic DNS, DHCP 
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clients could not be assigned dynamic IP 
addresses if it was necessary to identify 
these clients in DNS. After all, DNS Ad- 
dress resource records are defined statically. 
With Dynamic DNS, however, DHCP can 
update Address resource records as client 
leases are granted and revoked. 

Of course, to implement Dynamic 
DNS, you must be familiar with DNS ad- 
ministration. For more information about 
DNS, read “NDS and DNS: Configuring 
DNS Services in NetWare 5” (NetWare 
Connection, Feb. 1999, pp. 29-38) and 
“The DNS Service in NetWare 5: Going 
Beyond the Configuration Basics” (Net- 
Ware Connection, Mar. 1999, pp. 30-37). 
(You can download these articles from 
http://www.nwconnection.com/past.) 

Dynamic DNS has one fundamental 
limitation: All clients that receive their IP 
addresses from the same DHCP subnet are 
placed in the same DNS domain. If your 
company’s DNS domain name space in- 
cludes subdomains, such as subdomains for 
individual departments, you must design 
your network subnets so that each depart- 
ment has its own DHCP subnet. 

Apart from that precaution, Dynamic 
DNS is quite easy to implement. The pro- 
cedure is as follows: 


1. Create any required DNS forward- and 
reverse-naming zones. 
2. Define the required DHCP Subnet and 
Subnet Address Range objects. 
3. Select a DHCP Subnet object to display 
its detail page. The Dynamic DNS pa- 
rameters are found on the Addressing 
tab. To configure Dynamic DNS, com- 
plete the following fields: 
¢ DNS Zone for Dynamic Update. Se- 
lect the DNS zone that is to receive 
Address resource records that DHCP 
creates for this subnet. 

¢ Domain Name. Specify the domain 
or subdomain in which Address re- 


source records will be created for this 
subnet. The domain name in this 
field must be the same as or a subdo- 
main of the domain defined in the 
zone identified in the DNS Zone for 
Dynamic Update field. For example, 
suppose that the user’s computer 
name is blythe and the value of the 
Domain Name field is eng.pseudo- 
corp.com. Dynamic DNS creates an 
Address record for blythe.eng and 
places this resource record in the 
pseudo-corp.com zone, resulting in an 
effective DNS name of blythe.eng. 
pseudo-corp.com. 

4. Click the Save Data to NDS button in 
the toolbar, and respond to the prompt 
to save the changes. 

5. Select the Subnet Address Range object 
that is used to dynamically assign IP ad- 
dresses for this subnet. 

. Select one of the following options in 
the Range Type field: 
¢ Dynamic DHCP. DHCP uses a host 

name supplied by the client (via 

DHCP option 12) to create DNS Ad- 

dress records. This option is preferred 

if only Windows NT, 98, and 95 cli- 
ents will access the subnet since all 

Windows clients send their NetBIOS 

names to DHCP. This option also 

works for other clients that send their 
names to the DHCP server. 

Dynamic BOOTP and DHCP. This 

option supports Dynamic DNS using 

computer names supplied by the cli- 
ent. This option also enables support 
for BOOTP clients on the subnet. 

Dynamic DHCP with Automatic 

Hostname Generation. This option 

supports clients that do not send a 

computer name to DHCP. A DNS 

name is generated by appending the 
client’s IP address as a suffix to the 
name specified in the Auto Hostname 

Starts With field. If a client does sup- 

ply its name, that name will be used 

to create the DNS Address record. 

7. Click the Save Data to NDS button in 
the toolbar. 

8. Restart the DHCP service. 


OV 


If you activate Dynamic DNS with 
automatic hostname generation enabled, 
the DNS/DHCP Management Console 
populates the DNS database with a range 
of Address resource records. For exam- 
ple, if the value of the Auto Hostname 
Starts With field is Pseudo and the Sub- 
net Address Range starts with address 
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Figure 4. This network incorporates a VLAN and requires DHCP Subnet Pool objects. 


192.168.1.25, an Address resource record is 
created with the hostname Pseudo_192_ 
168_1_25. As you can see, a user must 
know the device’s IP address to determine 
the automatically generated DNS name. 

In addition, DHCP clients may change 
their IP addresses from time to time, so 
their automatically generated DNS name 
may change as well. Consequently, the 
preferred technique is to use DHCP option 
12 hostnames whenever possible, a capa- 
bility that is always used with Windows 
NT, 98, and 95 clients and can be enabled 
on most other DHCP clients. 


USING SUBNET POOL OBJECTS 

Subnet Pool objects solve a specific 
problem. They enable DHCP to assign IP 
addresses to clients attached to virtual 
LANs (VLANs), which are network seg- 
ments that are associated with more than 
one IP address range. Before you learn how 
to configure Subnet Pool objects, you need 
to understand why and when these objects 
are required. 


Requirements for Subnet Pool Objects 

Figure 4 depicts a network that in- 
corporates a VLAN. Notice that the 
router interface that attaches to the bot- 
tom network is bound to two IP addresses, 
192.168.2.1 and 192.168.3.1. (The subnet 
mask is the default for class C networks, 
255.255.255.0.) 

Devices on that network segment can 
be assigned IP addresses for networks 192. 
168.2.0 and 192.168.3.0. These two class 
C subnets are logically distinct from one 
another. Device 192.168.2.80 cannot com- 
municate directly with device 192.168. 
3.105 because the devices are attached to 
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separate IP subnets. To exchange packets, 
these devices must communicate through 
a router. 

Suppose that subnets 192.168.2.0 and 
192.168.3.0 are defined in DHCP Subnet 
objects. Also suppose that Subnet Address 
Range objects are created so addresses are 
available on each subnet for dynamic as- 
signment. As Figure 4 shows, the DHCP 
server is not directly attached to these net- 
works. DHCP clients on the VLAN com- 
municate with the DHCP server using the 
BOOTP forwarder on the router. This 
configuration has important consequences. 

When a DHCP client initializes on the 
network, it does not have an IP address. 
The client does not even know the IP sub- 
net to which it is attached. Consequently, 
the client must identify itself using its 
hardware address, and the client can send 
messages only to the general broadcast 
address of 255.255.255.255. 

However, broadcast messages do not 
cross routers, and an IP device cannot 
communicate with a device on a remote 
subnet using only the remote device’s 
hardware address. Until the client is as- 
signed an IP address, no communication 
can take place directly between the DHCP 
client and the DHCP server. 

The BOOTP forwarder acts as an in- 
termediary. When a DHCP client on the 
VLAN broadcasts a DHCPDISCOVER 
request to obtain an IP address, the 
BOOTP forwarder intercepts the request 
and passes it on to the DHCP server. To 
enable the DHCP server to determine the 
subnet from which the request originated, 
the BOOTP forwarder includes with the 
forwarded request the first IP address that 
is bound to the interface from which the 


DHCPDISCOVER packet was received. 
In the case of the network in Figure 4, that 
address is 192.168.2.1. The DHCP server 
responds by offering an IP address lease on 
subnet 192.168.2.0, which the BOOTP 
forwarder passes on to the DHCP client. 

This scenario works until the DHCP 
server exhausts the addresses available on 
subnet 192.168.2.0. IP address leasing then 
comes to a halt. Because the BOOTP for- 
warder does not keep track of active 
DHCP leases, it does not know that leases 
are exhausted for subnet 192.168.2.0. Con- 
sequently, the BOOTP forwarder contin- 
ues to supply its first bound IP address of 
192.168.2.1 in all DHCPDISCOVER 
packets forwarded to the DHCP server. 

In addition, the DHCP server has no 
knowledge of the network topology. As a 
result, the DHCP server is unaware that 
clients on the network segment can be as- 
signed IP addresses from subnet 192.168. 
3.0 as well as from subnet 192.168.2.0. 

Subnet Pool objects notify the DHCP 
server that two or more Subnet objects are 
associated on a VLAN. When subnets 
192.168.2.0 and 192.168.3.0 are pooled, 
the DHCP server knows that it can allo- 
cate IP address leases from subnet 192.168. 
3.0 when all the available addresses on 
subnet 192.168.2.0 have been leased. 


Managing Subnet Pool Objects 
To create a Subnet Pool object, use the 


DNS/DHCP Management Console to 


complete the following steps: 


1. Create a Subnet object for each IP sub- 
net on the VLAN. These Subnet ob- 
jects should be functionally equivalent, 
offering the same lease duration, DHCP 
options and Dynamic DNS support. 

. Create a Subnet Address Range object 
for each subnet on the VLAN. These 
Subnet Address Range objects should 
also be functionally equivalent. 

. Click the Create button in the toolbar, 

and select Subnet Pool from the Create 

New DHCP Record dialog box. 

Complete the Create Subnet Pool dia- 

log box as follows: 

¢ Subnet Pool Name. Supply a descrip- 

tive name for the Subnet Pool. 

© Select NDS Context. Specify the 

NDS context in which the Subnet 
Pool object is to be created. 
5. Click Create. 


NO 


Qo 


* 


Now you can assign Subnet objects to 
the pool. For each Subnet object in the 


subnet pool, complete the following steps: 


1. Select the Subnet object in the object 
tree to display its detail parameters. 

2. In the Subnet Pool Reference field, se- 
lect the subnet pool to which the sub- 
net will belong. 

3. Click the Save Changes to NDS button 
in the toolbar. 


After all of the required Subnet objects 
have been added to the subnet pool, you 
must stop and then start the DHCP ser- 
vice to activate the changes. 


SUPPORT FOR DHCP OPTIONS 

DHCP options provide a convenient 
way to centrally manage a variety of TCP/ 
IP configuration parameters. This section 
explains how to enable the NetWare 5 
DHCP service to support these options. 

You can assign DHCP options at three 
different levels: 


¢ Global DHCP Options. You can define 
global DHCP options that provide de- 
fault values for all clients on all subnets. 
Global options are useful when config- 
uring settings that apply to all clients 
such as the addresses of the organiza- 
tion’s DNS servers. 

Subnet DHCP Options. You can define 
DHCP options for specific Subnet ob- 
jects. Subnet options override any cor- 
responding global DHCP options and 
are useful for configuring settings that 
are unique to a subnet. 

IP Address DHCP Options. You can 
define DHCP options individually for 
manual IP Address objects. Options 
assigned to manual IP Address objects 
override corresponding options that are 
assigned globally or to Subnet objects. 


You should begin by defining global 
DHCP options that will apply to all 
DHCP clients. For example, if all clients 
use the same DNS servers, you can enter 
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2. Click the Modify button in the Global 


Preferences dialog box to open the 
Modify DHCP Options dialog box. (See 
Figure 5 on p. 30.) The Selected DHCP 


Options list shows the active options. 


3. To add a DHCP option to the Selected 


DHCP Options list, select the option in 
the Available DHCP Options list, and 
click Add. To remove a DHCP option, 
select it in the Selected DHCP Options 
list, and click the Remove button. 


. To configure the parameters for a 


DHCP option, select the option in the 
Selected DHCP Options list. The lower 
part of the Modify DHCP Options dia- 
log box changes to display data entry 
fields appropriate for the option. Some 
options accept a single value that can 
be entered into the field provided. Most 
options accept multiple values that 
must be added individually. A variety 
of operations are supported with options 
that accept multiple values: 


© To remove a value, select the value, 
and click the Delete button. 

© For some DHCP options, you can edit 
individual parameters by selecting the 
parameter and clicking the Update 
button to open a dialog box. 

© For some DHCP options (such as the 
Directory Agent option shown in Fig- 
ure 5 on p. 30), the parameters must 
appear in the order of preferred use. 
To adjust the position of a parameter, 
select it, and click the Up or Down 
buttons. 


5. After you have added and configured all 


required DHCP options, click the OK 
button. DHCP options that have not 
been configured with parameter values 
are not saved. The DHCP options, 
along with their parameters, are listed 
in the Global DHCP Options tab of 
the Global Preferences dialog box. 


After you define global DHCP options, 


you can define DHCP options for Subnet 
and manual IP Address objects. To do so, 
select the object in the object tree of the 
DNS/DHCP Management Console. In the 


© To add a value to the list, click the 
Add button to open a dialog box 
that accepts data appropriate for the 
option. 
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the addresses of the DNS servers as global 
DHCP options. If you have defined a Ser- 
vice Location Protocol (SLP) directory 
agent that will be used by all clients, you 
can add the Directory Agent DHCP op- 
tion as a global DHCP option. 

To define global DHCP options, com- 
plete the following steps: 
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1. Click the Global Preferences button in Robust Macintosh NetWare Connectivity 


the DNS/DHCP Management Console 
toolbar. 


For more information, visit http://advertise.nwconnection.com. 


fi Modify DHCP Options 
Available DHCP Options: 


Option Name | id 
Default Finger Server 4 


Add == 


<< Remove | 


Default IRC Server 


Selected DHCP Options: 


Option Name | i 


Domain Name Server 


Directory Agent 
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NetWare/IP client 
parameters. (For 
information about 
these suboptions, 


see Table 2-6 in 
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Figure 5. You use this dialog box to configure DHCP options. 


object detail pages, select the Other 
DHCP Options tab, and click the Mod- 
ify button to open the Modify DHCP Op- 
tions dialog box. You can then configure 
DHCP options you want to use. 


COMMON DHCP OPTIONS 

You can configure dozens of DHCP cli- 
ent options. In fact, the set of DHCP op- 
tions is extensible, and Novell has defined 
a variety of options that are of particular 
interest to NetWare administrators. Sup- 
ported DHCP options are discussed briefly 
in the Novell DNS/DHCP Administrator's 
Guide that is included in the NetWare 5 
online documentation. This section de- 
scribes the options that are most signifi- 
cant to NetWare 5. 

Windows NT, 98, and 95 clients use 
only a few of the available DHCP options. 
You should be aware of the following: 


¢ Router (Option 3). This option speci- 
fies a list of one or more IP addresses 
that the client will use as default routers. 

* Domain Name Server (Option 6). This 
option specifies a list of one or more IP 
addresses of DNS servers. 


Two options apply to Net Ware/IP and 
the NetWare 5 IPX compatibility mode. 
These options are discussed in Request For 
Comments (RFC) 2242. (You can down- 
load this RFC from http://www.ietf.org.) 


¢ NetWare/IP Domain Name (Option 
62). This option specifies the name of 
the NetWare/IP domain. 

¢ IPX Compatibility (Option 63). This 


option supports suboptions to configure 
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dent applications on 
pure IP networks: 
¢ IPX Network Number (Option 63- 
12). This option specifies the IPX net- 
work number of the compatibility mode 
network. 
¢ IPX Stale Time (Option 63-13). This 
option specifies a minimum time in 
minutes that must expire before the 
client attempts to renew its migration 
agent address information. This option 
applies when the client is configured to 
discover migration agents dynamically. 
Migration Agents (Option 63-14). 
This option specifies a list of IP address- 
es that identify migration agents avail- 
able to the client. If the client is not 
configured with the IP addresses of a 
migration agent, the client uses dynamic 
discovery to identify these agents. 


You can configure SLP clients with a 
variety of new DHCP options: 


¢ Directory Agent (Option 78). This op- 
tion specifies the IP addresses of statical- 
ly defined SLP Directory Agents. 

¢ Service Scope (Option 79). This option 
specifies the names of any SLP scopes in 
which the client will participate. 


Space does not permit this article to 
discuss the proper use of each of these op- 
tions. For more information, consult the 
following resources: 


e RFC 2132 describes most of the stan- 
dard DHCP options. (You can download 
this RFC from http://www.ietf.org.) 

e “Migrating to Pure IP” (NetWare Con- 
nection, Sept. 1998, pp. 34-37) discuss- 
es the compatibility mode network and 


its use when supporting legacy IPX ap- 
plications. “Service Location Protocol” 
(NetWare Connection, July 1998, pp. 
32-37) describes the SLP support in 
NetWare 5. (You can download both 
of these articles from http://www. 
nwconnection.com/past.) 

© Novell’s Guide to NetWare 5 and TCP/IP 
(Drew Heywood, Novell Press ISBN 0- 
7645-4564-7) includes chapters on SLP 
and the configuration of the compati- 
bility mode support, including informa- 
tion that was unavailable when the 
articles listed above were written. 


Configuring DHCP Clients to Use 
DHCP Options 

When clients are to be configured using 
DHCP options, you must clear the corre- 
sponding parameter in the client’s static 
configuration settings. Any parameters 
that are statically defined at the client take 
precedence over parameters that are re- 
ceived from DHCP options. 

Clients exert significant control over 
the DHCP configuration process and do 
not necessarily accept settings defined in 
DHCP options. For example, the Tl and 
T2 intervals that determine when leases 
must be renewed are defined by settings in 
the registries of Windows NT, 98, and 95 
clients. Although DHCP options can be 
configured to specify the Tl and T2 inter- 
vals (options 58 and 59 respectively), 
these DHCP options have no effect on 
Windows clients. If your network includes 
clients that are not supported by the Net- 
Ware 5 client software, you should review 
the specifications of the clients’ TCP/IP 
protocol stacks to determine their specific 
behaviors with regard to DHCP. 


CONCLUSION 

This article ends a series of four articles 
that discuss the fundamentals of managing 
the NetWare 5 DNS and DHCP services. 
These services are fairly complex, and the 
space available forced me to examine their 
features selectively. However, the informa- 
tion in these articles should be enough to 
get you started. 

Drew Heywood is a network administrator 
who currently spends most of his time writing 
books and articles about networking. His 
latest book is Novell’s Guide to NetWare 5 
and TCP/IP, written for Novell Press. Drew 
holds CNE and MCSE certifications. 

Drew would like to thank Chuck Flood of 
Novell for his help. Chuck provided technical 


advice and reviewed the finished article. @ 
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CNE of the Year 
Tom Waknitz 


n front of a packed audience of CNEs and IT professionals at 

BrainShare ’99, Roger Blomgren, vice president of Novell Edu- 
cation, presented the first annual CNE of the Year award to Tom 
Waknitz. Waknitz is an incredibly talented CNE who currently 
works at GE Capital IT Solutions. 


WAKNITZ’S FIRST EXPERIENCE WITH NETWARE 

Waknitz first heard about NetWare while researching a way 
to connect multiple Computer Aided Drafting (CAD) systems 
together: “In my research to connect our CAD systems together, 
I ran into this software called Novell NetWare. Then I started 
to learn that I could use NetWare and this stuff called thick 
coax to actually hook these computers up, as opposed to the six- 
port serial black box I had put in place. Suddenly, | was the guy 
that could help engineering talk to materials and accounting to 
purchasing, and they could all print to a couple of shared print- 
ers. Thus [I began] a career for myself that to this day is still 
both very challenging and creative. I spent the next two years 
helping build and maintain that first computer network.” 

After learning more about NetWare at a few other jobs, Wak- 
nitz knew that certification would open the door to exciting ca- 
reer opportunities. Waknitz says, “I was hooked. I needed to take 
a job as a real LAN administrator. I knew that to gain credibility 
in this field, I needed to be certified. | could see it in both my sal- 
ary and customer comments. I was good at what I did, but the in- 
dustry wanted certified staff to complete the installs.” 


CERTIFICATION: THE SECRET TO WAKNITZ’S SUCCESS 
Waknitz attributes his success to his Novell training and cer- 
tifications. “I feel that [Novell certifications] are the cornerstone 
of my success. I personally have realized more than a 100 percent 
increase in my salary from 1995 to 1999 because of my certifica- 
tions. Believe me, the pay increase is nice, but there is no better 
feeling than being the guy in the room with all the certifications 
and the knowledge to use a Novell solution to solve a problem.” 


SO WHERE IS WAKNITZ NOW? 

Waknitz is currently the Novell Business Development Man- 
ager for GE Capital IT Solutions. Waknitz continues to learn 
and to earn certifications. In fact, he holds the following certifi- 
cations: CNE and Certified Novell Administrator (CNA) for 
NetWare 5, intraNetWare, and NetWare 3; Enterprise Certified 
Novell Engineer (ECNE); Master CNE for Connect and Mes- 
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Roger Blomgren, Tem Waknitz, Richard Nortz 


saging; and Certified Novell Instructor (CNI) and Master CNI. 
In addition, Waknitz is a Certified Novell Salesperson (CNS). 

Waknitz manages a highly respected and accomplished 
team of Master CNEs who implement Novell solutions. Wak- 
nitz says: “Today I manage six systems engineers dedicated to the 
design, installation, and configuration of the Novell product line. 
These six guys are the best anywhere because we have a few 
simple rules: You take a class at an NAEC or complete a self- 
study program, you take the test to stay certified, and you teach 
each other what you know about how these products work.” His 
team’s motto is “Information is knowledge, knowledge is power, 
and with that power we intend to make Novell king!” 


SUCCESS STORY 

Waknitz has managed the installation of NetWare and Novell 
Directory Services (NDS), GroupWise, ManageWise, Border- 
Manager, Zero Effort Networks (Z.E.N.works), and NDS for NT 
for several organizations including schools, government institu- 
tions, and private corporations. On one occasion, a large company 
had hired a systems engineer who was not trained and not certi- 
fied to install and configure NetWare 4.11, NDS, and GroupWise 
5.2. Because of some major problems with the installation, this 
company asked Waknitz and his team to help out. 

Waknitz explains, “After several months of working on this 
install, the company was unable to get NDS and GroupWise to 
perform how management knew [these products] could perform. 
Although this network was really a mess and things were not work- 
ing, [the problems] stemmed from the fact that the original sys- 
tems engineer had no training! When I came on the scene, it was 
very easy for me to see the solutions that needed to be implement- 
ed. The information we learned in the Novell courses and testing 
for certification gives us the knowledge to understand how Novell 
products work. This knowledge gives us the power to implement 
the solutions that solve business needs today and in the future.” 


WHAT IT TAKES TO BE CNE OF THE YEAR 

For more information about the criteria Novell Education used 
to choose the CNE of the Year and for additional success stories, 
visit http://education.novell.com/certinfo/success.htm. @ 
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NDS 8 


Rev Up Your Directory Tree 


D° you want to save your company thousands of dollars in 
network management costs? This is not a rhetorical ques- 
tion. You can actually save your company thousands of dollars by 
consolidating your network databases into a single directory— 
Novell Directory Services (NDS). 

Over the years, Novell has evolved NDS into a solution that 
enables you to manage your entire enterprise network—including 
users, groups, printers, applications, workstations, proxy servers, 
firewalls, bridges, routers, and more—from a central location. The 
next generation of NDS, called NDS 8, provides a highly scalable, 
standards-based solution that makes NDS the only directory you 
need for enterprise networks, extranets, and the Internet. NDS 8 
for the NetWare platform, which is currently in beta testing, is 
available for downloading from http://support-novell.com/beta/ 
public. (NDS 8 cross-platform support will be available in the 
near future.) 


WHAT IS NDS 8? 

NDS 8 delivers the reliability, manageability, and security 
of earlier versions of NDS and provides the following addi- 
tional benefits: 


¢ Unlimited scalability 

e Standards-based, native Lightweight Directory Access 
Protocol (LDAP) 3 

¢ Directory importing and exporting capabilities based on 
LDAP Data Interchange Format (LDIF) 1 

¢ New and improved ConsoleOne management tool 

¢ Internet-ready security 


Unlimited Scalability 

NDS 8 incorporates an underlying database that greatly im- 
proves the performance and scalability of NDS, enabling you to 
store at least one billion (possibly more) objects in one directory 
tree. As a result, NDS 8 supports millions of more objects than 
competing directories support. 

As Novell demonstrated at BrainShare ’99 in Salt Lake City, 
NDS 8 provides scalable performance, regardless of how many 
objects the directory tree contains and how quickly objects are 
added to the directory tree. During a BrainShare ’99 general ses- 
sion, millions of network objects were added to a directory tree 
until the tree contained one billion users. As the objects were 
being added to the directory tree, NDS 8 performed search 
queries with consistent speed. With other directories, the time 
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it takes to perform search queries increases in direct proportion 
to the number of objects stored in the directory tree. 

One billion objects in a single directory tree may seem unreal 
or even unnecessary. However, current business trends show that 
an increasing number of companies are using the Internet to 
connect their employees to customers, partners, suppliers, and so 
on. To connect these virtual business communities, known as 
extranets, companies require a massively scalable directory such 
as NDS 8. Because NDS 8 supports a virtually unlimited number 
of objects, NDS 8 is also a viable directory for Internet service 
providers (ISPs), telephone companies, and other large enter- 
prises that support thousands or even millions of customers. 


Native LDAP 3 

Because NDS 8 includes native LDAP 3, NDS 8 can inter- 
operate with LDAP-based directories and applications. Although 
earlier versions of NDS supported LDAP, this support was pro- 
vided via an LDAP gateway that you had to install separately. 
Because LDAP is native in NDS 8, you do not have to separately 
install an LDAP gateway. 

NDS 8 also supports auxiliary classes as defined by the LDAP 
specification. Auxiliary classes enable you to extend the attri- 
butes, or properties, of a single object without having to extend 
the base class from which the object was derived. For example, 
suppose that you want to add a new attribute to the Debi User 
object. To add the new attribute in earlier versions of NDS, you 
would have to add the attribute to the base class for User objects. 
You would then add the attribute to all User objects in the dir- 
ectory tree. 

With auxiliary class support in NDS 8, however, you can add 
an attribute to only the Debi User object. You do not have to 
change the base class for User objects. Auxiliary classes in NDS 
8 are dynamic: You can associate auxiliary classes with objects, 
or you can remove the attributes on the fly. 

NDS 8 also supports additional naming attributes for User 
objects, which are defined in the LDAP 3 specification. In 


addition to the standard NDS cn= naming 
attribute, NDS 8 supports the following: 


¢ Unique Identifier (UID) naming 
e DNS naming support, dc= 


These attributes for User objects 
increase the interoperability between 
NDS and LDAP-based directories. For 
example, these attributes enable the 
NDS tree structure to resemble the struc- 
ture of other LDAP-accessible directories 
and enable you to perform LDAP queries 
on these attributes. 


Directory Importing and 
Exporting Capabilities 

To help you build directory trees that 
contain millions or even billions of ob- 
jects, NDS 8 supports LDIF 1, an emerg- 
ing Internet standard that is currently in 
draft form before the Internet Engineering 
Task Force (IETF). LDIF 1 describes a file 
format for importing and exporting direc- 
tory information between LDAP-based 
directory servers. 

NDS 8 includes the BULKLOAD 
utility, which enables you to use LDIF 
files to add, delete, or modify objects in 
your directory tree. You can create LDIF 
files in the following ways: 


¢ Manually create an ASCII file in LDIF 
format. 

e Use an LDIF-generation utility to gen- 
erate an LDIF file. 


e Export directory information from an 


LDAP-based directory. 


New and Improved ConsoleOne 

Now that your company’s directory 
tree contains millions of objects, how do 
you manage it? NDS 8 includes Console- 
One 1.2, an entirely new and significantly 
improved client-side management tool. If 
you have used ConsoleOne in NetWare 5, 
the first thing you will notice about the 
new version of ConsoleOne is that its per- 
formance has been improved significantly. 
In addition, the features provided by Con- 
soleOne 1.2 are on par with the features 
provided by the NetWare Administrator 
(NWADMIN) utility. 

Although you can still use the NWAD- 
MIN utility to manage an NDS 8 tree, 
Novell recommends that you use Console- 
One 1.2. Novell makes this recommenda- 
tion because ConsoleOne 1.2 can effec- 
tively gather and display the contents of 
large container objects. When you browse 
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a container object that contains thousands 
of objects, ConsoleOne 1.2 retrieves and 
displays the contents of the object one 
page at a time. The NWADMIN utility, 
on the other hand, gathers all of the con- 
tents of the container object before dis- 
playing the information. As a result, using 
the NWADMIN utility to browse large 
directory trees can be quite cumbersome. 

You should also consider using Con- 
soleOne 1.2 because Novell has an- 
nounced that ConsoleOne is its manage- 
ment strategy for the future. In addition, 
ConsoleOne 1.2 supports a snap-in archi- 
tecture that enables new features and 
functionality to be added to the manage- 
ment console. As your company’s network 
expands and you need to manage diverse 
hardware and software or third-party net- 
work components and systems, new capa- 
bilities can be added to ConsoleOne 1.2, 
enabling you to manage the components. 

As a pure Java application, Console- 
One is a cross-platform solution and is eas- 
ily extensible to the web. In fact, Novell 
has indicated that the next release of Con- 
soleOne will snap into the web. 


FAXCOMS for NetWare 
provides a NetWare-integrated 
fax management solution for 
users of Novell NetWare-based 
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NetWare will let you use your 
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transmitting and automatically 
routing received faxes. 
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If these reason don’t convince you to 
use ConsoleOne 1.2, the new feature set 
will. These features include the following: 


¢ Enhanced Search Capabilities. Con- 
soleOne 1.2 allows you to use complex 
search queries. For example, you can 
search for objects that have Supervisor 
rights to the [Root] of the directory tree. 

@ Manage All NDS Objects. Console- 
One 1.2 provides all of the object man- 
agement capabilities found in the NW- 
ADMIN utility. You can create, move, 
rename, delete, and modify all objects 
in the tree. You can also modify attri- 
butes of multiple objects simultaneously. 

¢ Simplified Rights Management. Con- 
soleOne 1.2 enables you can to manage 
all object and property rights as well as 
file system rights and attributes. 

¢ Schema Extension Capabilities. You 
can use ConsoleOne 1.2 to extend the 
NDS schema to accommodate new 
types of objects and properties in the 
directory tree. 

¢ LDAP Management. You can use Con- 
soleOne 1.2 to configure LDAP services, 
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to manage LDAP mappings, and to con- 
trol LDAP access to the directory tree. 


Internet-Ready Security 

When you create an extranet, you must 
connect outside, authorized individuals— 
such as customers, partners, and suppli- 
ers—to resources on your company’s pro- 
tected network. The directory that you use 
to connect these users must provide a high 
level of security and access control. Can 
you think of a directory that provides 
better security and access control than 
NDS? Probably not. 

NDS has always offered authentica- 
tion services that are highly secure. NDS 
8 offers additional security features that 
help ensure a secure environment as 
your private network extends to support 
e-commerce, extranets, and the Internet. 
These features include the following: 


© Full integration of Secure Sockets Layer 
(SSL) to provide secure Internet access 

e Enhanced support for public key infra- 
structures (PKI) and cryptography 

e Support for X.509v3 certificates and 
smart cards 


COMPATIBILITY IS NOT AN ISSUE 

If you have installed NDS updates be- 
fore, I am happy to tell you that compati- 
bility is not an issue with NDS 8. The 
NDS versions that are required to run a 
mixed NetWare 4 and NetWare 5 tree 
(NDS 5.17 or higher) are the same ver- 
sions required for NDS 8. If your directory 
tree is NetWare 5 compatible, you can in- 
stall NDS 8, and it will perform seamlessly. 

However, you should be aware of a few 
caveats: First, if a replica ring includes 
multiple versions of NDS, the features 
offered will be limited to the lowest com- 
mon denominator in the replica ring. (A 
replica ring includes all of the servers that 
hold copies of a given partition.) 

For example, if some servers in a replica 
ring are running NDS 5.17 or 6.02 and 
you add a server that is running NDS 8, 
the replica ring will be bound by the limi- 
tations of the earlier versions of NDS. In 
short, if you want to fully leverage the en- 
hancements in NDS 8, all of the servers in 
a replica ring should be running NDS 8. 

Second, if some servers in the directory 
tree will continue to run a previous ver- 
sion of NDS, you must run an updated 
version of the DSREPAIR utility on one 
of these servers to ensure schema compati- 


bility with NDS 8. 
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INSTALLING NDS 8 STEP-BY-STEP 
To install NDS 8, you must complete 
the following steps: 


1. Download the current release of NDS 
8, NetWare Support Pack 2, the up- 
dated DSREPAIR utility, and Novell 
International Cryptography Infrastruc- 
ture (NICI) 1.2 for NetWare 5. 

2. To ensure schema compatibility in the 
directory tree, run the updated DS- 
REPAIR utility on servers that you will 
not upgrade to NDS 8. 

3. Install NetWare 5 Support Pack 2. 

4. Install NICI 1.2 if you plan to use this 
security cryptography service. 

5. Install NDS 8. 

6. Install ConsoleOne 1.2. 


Downloading the Files You Need 
Before installing NDS 8, you will need 
to download the following: 


e NDS 8. NDS 8 includes DS.NLM, 
DSLOADER.NLM, DSI.NLM, 
NLDAPNLM, ConsoleOne 1.2, and 
the NWADMIN utility. As this article 
goes to press, NDS 8 is in open beta. 
You can download NDS 8 from Novell's 
Beta Program web site (http://support. 
novell.com/beta/public). After the beta 
testing is completed, you will be able to 
download the final version of NDS 8 
from Novell’s Software Downloads web 
site (http://www.novell.com/download). 
NetWare 5 Support Pack 2. You must 
install this support pack on NetWare 5 
servers that will run NDS 8. As this 
article goes to press, NetWare 5 Sup- 
port Pack 2 is also in open beta. You 
can download this support pack from 
Novell’s Beta Program web site (http:// 
support.novell.com/beta/public). After 
the beta testing is completed, you 
can download the support pack from 
Novell’s Support Connection web 
site (http://support-novell.com/misc/ 
patlst.htm). 
Updated DSREPAIR Utility. You can 
download the updated DSREPAIR 
utility from Novell’s Beta Program web 
site (http://support-novell.com/beta/ 
public). After the beta testing is com- 
pleted, you will be able to download 
the final version of the DSREPAIR 
utility from Novell’s Software Down- 
loads web site (http://www.novell. 
com/download). 

Updated versions of the DSREPAIR 
utility are provided for NetWare 4.10, 


NetWare 4.11, and NetWare 5. If 
some servers in the directory tree will 
continue to run previous versions of 
NDS, you must run the DSREPAIR 
utility on one of these servers to ex- 
tend the schema. 

e NICI 1.2 for NetWare 5. If you plan 
to use NICI, you must install NICI 1.2, 
which contains updates that make 
NICI compatible with NDS 8. You can 
download NICI 1.2 from http://www. 
novell.com/products/cryptography. 


Installing and Running the 
DSREPAIR Utility 

If the directory tree contains NetWare 
4.10, NetWare 4.11, or NetWare 5 ser- 
vers that will not be upgraded to NDS 8, 
you must run the DSREPAIR utility on 
one of the servers that contains a replica 
of the [Root] partition. For example, if a 
replica of the [Root] partition is stored 
on a NetWare 4 server and a NetWare 5 
server, you should run the DSREPAIR 
utility on one server or on the other, but 
not on both. 

The server on which you run the DS- 
REPAIR utility will then propagate the 
schema changes to all of the other servers 
in the directory tree. You must complete 
this step before installing NDS 8. 

To ensure that the servers running 
previous versions of NDS are compat- 
ible with NDS 8, complete the follow- 
ing steps: 


me 


. Double-click the 4X5XREP.EXE file in 
Windows or type the filename at a DOS 
prompt. After the file is expanded, you 
will see a NetWare 4.x and a NetWare 
5 DSREPAIR directory. 

Copy the appropriate DSREPAIR.NLM 

to a server that contains a replica of the 

[Root] partition of the directory tree. 

For example, if you will be running the 

DSREPAIR utility on a NetWare 5 ser- 

ver that contains a replica of the [Root] 

partition, use the DSREPAIR NLM in 
the NetWare 5 directory. 

. Load the DSREPAIR NLM at the ser- 

ver console. 

. Select the Advanced Options menu. 

. Select the Global Schema Operations 

option. 

6. You are prompted to authenticate to 
the directory tree. Enter the login name 
and password for ADMIN or a user 
with equivalent rights. 

7. Select Post NetWare 5 Schema Update. 

The NDS schema is then updated. 


» 


OQ 


np 


Installing NetWare 5 Support Pack 2 


NetWare 5 Support Pack 2 provides 


updates to services included with NetWare 


5; 


related protocols, and the NetWare 5 


operating system itself. When you install 
the support pack, the installation program 
checks the version and the date of each 
file copied to the server. Newer files are 
not overwritten. 


You must complete the following steps 


before installing NetWare 5 Support Pack 
2 on the NetWare 5 server: 


— 


nN 


Ww 


. Unload the JAVA.NLM and all Java 


applications on the NetWare 5 server. 
The JAVA.NLM and the java class li- 
braries can then be updated. 


. If you are running an IP-only environ- 


ment, load IPXSPX.NLM. This NLM is 
required to successfully install NetWare 
5 Support Pack 2. 


. Record current SET parameter values 


on the NetWare 5 server. NetWare 5 
Support Pack 2 resolves a problem with 
the registry. This fix resets all SET pa- 
rameters to the NetWare 5 default 
values. To record modified SET param- 
eters, complete the following steps at 
the server console: 

a. Load the CONLOG NLM. 

b. Type Display Modified Environment. 
The information displayed on the 
screen is saved in the SYS:\ETC\ 
CONSOLE.LOG file. You can use 
this file to reset the SET parameters 
after NetWare 5 Support Pack 2 is 
installed. 


c. Unload the CONLOG NLM. 


After you have completed these steps, 


you can install NetWare 5 Support Pack 
2 by completing the following steps: 


— 


ie) 


3: 


. Double-click the NW5SP2.EXE file in 


Windows or type the filename at a 
DOS prompt. 

Note: Because the NW5SP2.EXE file 
contains directory path names that 
exceed the DOS 8.3 limits, you should 
extract this file in a root-level directory 
on your workstation hard drive or on a 
NetWare volume that accepts longer 
path names. 


. Load NWCONKFIG at the server 


console. 
Select Product Options. 


4. Select the Install a Product Not Listed 


5. 


option. 
Press the F3 key. Specify the directory 
path in which you expanded the files, 
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and press the Enter key. 

. Indicate the file groups you want to in- 
stall. If you want to uninstall NetWare 
5 Support Pack 2 at a later time, you 
should also select the option to back up 
files. The old files are then copied to 
SYS:\SYSTEM \BACKKSP2. 

. Press the F10 key to accept the marked 
options. The installation program be- 
gins to copy files. 

8. After the files are copied, you should 

review the .NCF files for accuracy. 

9. Restart the server by typing the follow- 

ing command at the server console: 


Oo 


~n 


RESTART SERVER 


Installing NICI Updates 

The NICI updates.provide enhance- 
ments to the NICI Modules such as No- 
vell PKI and Novell SSL. (For more in- 
formation about NICI, see “With NICI 
It’s All Holes Barred,” NetWare Con- 
nection, Dec. 1998, pp. 8-20. You can 
download this article from http://www. 
nwconnection.com/dec.98/nicid8.) To 
install the NICI updates on the NetWare 
5 server on which you plan to use NICI 
and LDAP, complete the following steps: 


1. Double-click the NICI-UO.EXE file 
in Windows or type the filename at a 
DOS prompt. 

2. Load NWCOMFIG at the server 
console. 

3. Select Product Options. 

4. Select the Install a Product Not Listed 
option. 

5. Press the F3 key, and specify the direc- 
tory path in which you expanded the 
files. If you expanded the files to a 
floppy diskette, press the Enter key. 

6. The Software License screen appears. 
Accept the License Agreement. The 


installation program begins to copy files. 


7. When the installation is completed, 
press the Enter key. 

8. Restart the server by typing the follow- 
ing command at the server console: 


RESTART SERVER 


Installing NDS 8 

After you have downloaded NDS 8, 
you must complete the following steps 
before installing it on a NetWare 5 server: 


1. Run the DSREPAIR utility as described 
in the “Installing and Running the 
DSREPAIR Utility” section on p. 36. 


2. Close ConsoleOne and the DSREPAIR 


utility so that the files are properly 
updated. 


. Mount all volumes. NDS 8 updates 


all trustee rights. If a volume is not 
mounted when NDS 8 is installed, the 
trustee assignments for that volume 
will be lost. 


After you complete the above steps, 


install NDS 8 on a NetWare 5 server by 


completing the following steps: 


— 


NO 


Nn 


. Double-click the NDS 8 file in Win- 


dows or type the filename at a DOS 
prompt. 


. Load NWCONFIG at the server 


console. 


. Select Product Options. 
. Select the Install a Product Not Listed 


option. 


. Press the F3 key. Specify the directory 


path in which you expanded the files, 
and press the Enter key. 


. If you have not installed the updated 


NICI files, you are prompted to exit the 
installation program and install these 


Netwarefiles.com 


Finally ! 
One complete 


Site with all the 


“Goodies” 


For Netware 


-Purchase a cd-rom with the 
entire collection 


-Best collection on the web 


Netwarefiles.com 


For more information, visit 
http://advertise.nwconnection.com. 


files if you require ephemeral key sup- 
port for SSL connections. If you do 
not require this support, press the 
Enter key to continue the installation. 

7. The Novell License Agreement page 
appears. Press Escape to continue. 
Then select the Accept License 
Agreement option. 

8. The NDS 8 README file is dis- 
played. After reading the file, press 
the Escape key to continue. The 
installation program begins to copy 
the NDS 8 files. 

9. After the files are copied, the NetWare 
5 server automatically reboots. The 
NDS 8 installation then automati- 
cally continues by updating the NDS 
schema. 

10. After the NDS schema has been up- 
dated, a message appears, telling you 
to ensure that all volumes are mount- 
ed so that the trustee assignments for 
those volumes are properly updated. 
If you have not already mounted all 
volumes, do so before continuing. 

. Press the Enter key to continue. The 
installation program updates the 
trustee assignments. 

12. You are then prompted to authenti- 
cate to the directory tree with super- 
visory rights to the directory tree. En- 
ter the login name and password for 
the ADMIN user or a user with 
equivalent rights. 

13. After the installation is completed, 
the installation log file is displayed. 
After you read the log file, press the 
Escape key to continue. 

14. When you are prompted to restart the 
server, select Yes. 


1 


— 


After the installation is completed, 
you must complete the following tasks: 


1. Install the NWADMIN snap-in mod- 
ules for Catalog Services and WAN 
Traffic Manager. Although the NDS 
8 installation program copies updated 
versions of DSCAT.NLM and WTM. 
NLM, the installation program does 
not install the NWADMIN snap-in 
modules for managing these services. 
You must run the NetWare 5 installa- 
tion program to install these snap-in 
modules. During the installation pro- 
cess, select No when you are prompt- 
ed to overwrite the newer NLM files. 
Selecting Yes installs the old files over 
the newly installed files. 

2. Run the NDS Backlinker by typing 
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NDS 8 


the following command at the server 
console: 


SET DSTRACE=*b 


The NDS 8 installation program 
changes the internal NDS identifiers. 
To ensure consistency, the backlinker 
process has to update backlinked objects. 
This process will run automatically after 
50 minutes. Entering this SET command 
forces the backlinker process to run im- 
mediately and prevents inconsistent 
state objects. 


Installing ConsoleOne 1.2 

The ConsoleOne 1.2 installation pro- 
gram simply installs a few necessary .DLL 
files to your workstation and adds the 
ConsoleOne program icon to your Win- 
dows desktop. The 1.2 release of Console- 
One is designed to run the ConsoleOne 
program files from a server directory. You 
cannot install the program files on your 
workstation. 

At the time this article was written, 
you could not run ConsoleOne 1.2 at the 
server. According to Novell, however, Java 
1.1.7, which is necessary to run Console- 
One 1.2 at the server, will be available in 
the near future. 

The NDS 8 installation process copies 
a new version of ConsoleOne to the Net- 
Ware 5 server. Before installing the Con- 
soleOne 1.2 .DLL files and program icon 
to your workstation, ensure that the work- 
station meets the following requirements: 


¢ A minimum of 64 MB of RAM and 64 
MB of virtual memory swapper space 

e 200 MHz or greater processor 

e Windows NT, 98, or 95 

e The latest NetWare 5 client software 


To install the ConsoleOne 1.2 .DLL 
files and program icon on a workstation, 
complete the following steps: 


1. Map a network drive to the SYS: 
PUBLIC\ MGMT \CONSOLEONE \ 
1.2\INSTALL directory. 

2. Run the SETUPEXE file. 

3. Continue past the Welcome and Li- 
cense Agreement screens. 

4. Specify the program folder in which you 
want to add the ConsoleOne 1.2 icons. 

5. Verify the current installation settings 
and click Continue. 

6. When the installation is completed, 
restart the workstation. 


Running ConsoleOne 1.2 for the first 
time can be a bit tricky. Although the 
installation program installed a program 
group and a shortcut on your desktop, the 
group and shortcut are not functional yet. 
Before running ConsoleOne 1.2, you 
must first map a drive to the ConsoleOne 
program on the server. ConsoleOne is lo- 
cated in the SYS:\PUBLIC\MGMT \ 
CONSOLEONE \ 1.2\BIN directory. You 
must use the same drive letter that you 
used to map a drive during the installation 
process. For example, suppose that you cre- 
ated the following drive mapping during 
the installation of ConsoleOne 1.2: 


G:=SYS:PUBLIC\MGMT\CONSOLEONEM. 
2\INSTALL 


You must then create the following 
drive mapping before you can run 


ConsoleOne 1.2: 


G:=SYS:PUBLIC\MGMT\CONSOLEONEM. 
2\BIN 


After creating this drive mapping, you 
should be able to refresh your screen, 
and the ConsoleOne icon should appear 
in the shortcut on your desktop. You can 
then launch ConsoleOne by double- 
clicking the icon. 


CONCLUSION 

NDS 8 is a giant leap for Novell, mak- 
ing its enterprise directory an ideal solu- 
tion for the Internet and e-commerce. 
By providing massive scalability, NDS 8 
takes Novell’s directory into new markets 
such as huge global organizations, ISPs, 
and telcos. 

But even if your organization doesn’t 
fall into one of these categories, NDS 8 
will benefit your company. In addition 
to providing more scalability and faster 
search queries, NDS 8 can give your com- 
pany a competitive edge. Because the In- 
ternet is changing how we do business, 
it’s hard to foresee what the future of e- 
commerce will hold. With NDS 8, how- 
ever, you can build a directory today that 
is scalable enough to meet the future 
needs of your company as it extends to 
the Internet. 

Sandy Stevens is a freelance writer based 
in Salt Lake City, Utah. She is coauthor of 
Novell’s Guide to Integrating NetWare 
and NT, Novell’s Guide to BorderMan- 
ager, and Novell’s Guide to NetWare 
Printing, available from Novell Press. @ 
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Good Help Is Hard to Find 


Mickey Applebaum 


Ithough managing your company’s network can be difficult, 
finding reliable technical support may be even more chal- 
lenging. You must distinguish between capable technical support 
providers and technical support providers who have little prac- 
tical experience solving the networking issues your company 
faces. (See “The Role of Certification” on p. 40.) 

This article offers a few guidelines that you can use to find re- 
liable technical support for your company’s network. This article 
first helps you evaluate the type of technical support your com- 
pany needs. This article then helps you determine which poten- 
tial technical support providers have the necessary skills to meet 
your company’s technical support requirements. 


TYPES OF TECHNICAL SUPPORT 

Every network—tregardless of its size, its location, and its hard- 
ware and software—eventually requires some type of technical 
support. To solve each problem, whether large or small, you must 
answer two critical questions: First, do you have the resources 
you need to solve the problem yourself? And second, who can 
you trust when you need outside help? 

Before you can answer these questions, you must evaluate the 
type of technical support your.company needs. There are three 
types of technical support: 


¢ Critical-Care Technical Support. If you occasionally experi- 
ence a problem that you cannot solve on your own, you can 
hire technical support providers on an as-needed basis. Tech- 
nical support providers who offer critical-care technical support 
are similar to triage doctors who work in a hospital’s emer- 
gency room. 
© On-Going Technical Support. If you need help completing 
complex projects, such as implementing new technologies, you 
can hire technical support providers who offer on-going tech- 
nical support. These technical support providers are similar to 
family practitioners who treat you for chronic conditions. 
On-Site Technical Support. If you need to supplement your 
company’s technical support staff on a long-term basis but can- 
not hire additional employees, you can hire technical support 
providers who offer on-site technical support. These technical 
support providers are similar to home-care nurses who alleviate 
your workload while you are recovering from an illness. 


Determining the type of technical support you need is the 
most important step in meeting your company’s technical support 
requirements. In addition to considering the specific problem or 
project you face, you should consider other factors, such as the size 
and the experience of your company’s technical support staff. 


For example, suppose that you work for a small company 
and that network management is only one of your many job 
responsibilities. In this case, you may need all three types of 
technical support to ensure that you always have outside help 
whenever you encounter problems or implement projects that 
you are not equipped to handle. On the other hand, suppose 
that you work for a large company that has a full technical 
support staff. In this case, you may need only on-site technical 
support to ensure that you have an extra technical support 
professional who is dedicated to performing a long-term task. 

You should also consider the cost of each type of technical 
support. Depending on the exact services you need, you may 
need to compromise to reduce costs. Obviously, if you cannot 
afford more than one type of technical support, you must choose 
the type of technical support that most closely meets all of your 
company’s technical support requirements. 

As you determine the type of technical support your com- 
pany needs, you should be aware that technical support pro- 
viders must draw the line somewhere. For example, you cannot 
expect a critical-care technical support provider to rush to 
your aid to add a new user to your company’s network. Like- 
wise, you cannot expect an on-going technical support pro- 
vider who is implementing a database solution to restore a 
failed router. 

You should also be aware that there is no better time than 
now to find reliable technical support. You should not wait until 
you are in the middle of a crisis. 


TYPES OF TECHNICAL SUPPORT PROVIDERS 

After you have decided which type of technical support you 
want, you must focus on finding an experienced technical support 
provider who provides this type of technical support. Sometimes 
the technical support provider you choose may be able to provide 
several types of technical support. 

There are two types of technical support providers: 


© Independent consultants 
© Consulting companies 


Most independent consultants provide reliable technical 
support in specific areas of expertise, often at a lower cost than 
consulting companies. On the other hand, consulting com- 
panies usually provide a broader range of services. And although 
consulting companies sometimes cost more, they may assign 
multiple consultants to your company’s account. As a result, 
these companies can often provide more experience and faster 
assistance than independent consultants can provide. 
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The Role of Certification 


When choosing a technical support provider, you should factor 
in industry certifications. Although you should not rely solely on in- 
dustry certifications, you can use these certifications as a baseline 
for comparison. In other words, you may want to begin your search 
by considering technical support providers who have industry certifi- 
cations. You can then narrow your search by evaluating the experi- 
ence of each technical support provider. 

Comparing the role of medical certifications and networking cer- 
tifications helps clarify the relationship between certification and 
experience. Like technical support providers, medical students may 
receive one or more certifications in their field. To earn these certi- 
fications, medical students must engage in rigorous classroom 
training, learning the scientific theories behind medical procedures. 
Some medical students pursue a general certification, which covers 
a broad range of basic medical issues, whereas other medical stu- 
dents pursue a specialty certification, which covers specific medical 
issues surrounding a particular disease or area of the body. 

Many technical support providers also pursue either general or 
specialty certifications. Technical support providers who pursue 


general certifications want to address basic hardware and software 
issues. Technical support providers who pursue specialty certifica- 
tions focus on a specific network component, such as routers. 

With both doctors and technical support providers, you seek out 
a specialist if your problem is severe enough or complex enough to 
exceed a general practitioner's skills. However, there is one signifi- 
cant difference between the role of medical certifications and net- 
working certifications: After their classroom study is completed, 
medical students are required to complete several years of hands- 
on training before they can become doctors. Technical support 
providers, on the other hand, usually begin working immediately. 

Potential technical support providers who have earned certifi- 
cations obviously believe in the importance of classroom training. 
In addition, they are willing to spend the time and the money 
necessary to pursue that training. But you should not assume that 
a technical support provider who has earned certifications knows 
how to solve every networking problem. Instead, you should gather 
as much information as you can about the provider’s actual ex- 
perience, and you should use this information to make your final 
decision. In short, when choosing a technical support provider, you 
should follow the steps outlined in the main article. 


AVERTING DISASTERS 

You should always ask several critical 
questions before choosing your technical 
support provider: 


e How much experience does the tech- 
nical support provider have with the 
type of network your company has, in- 
cluding the hardware and software used? 

© Does the technical support provider 
guarantee availability? 

¢ Does the technical support provider 
offer a single point of contact? 

© Does the technical support provider of- 
fer a list of references, enabling you to 
contact both past and current customers 
for more information about the pro- 
vider’s quality of service? 


Technical Support Experience 

I have provided technical support for 
many years, and many of my customers 
came to me because their technical sup- 
port provider could not help them. Most 
of these customers neglected to ask the 
appropriate questions before they hired 
their technical support provider. 

The most important question to ask is 
the one about experience. Among other 
things, you should ensure that your tech- 
nical support provider is familiar with the 
server platform and with the operating sys- 
tem your company uses. Otherwise, your 
technical support provider may be not be 
able to solve problems with which the pro- 
vider has little experience. This situation 
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is especially common with independent 
service providers, who do not have a com- 
pany full of colleagues to call for help. 

To determine whether or not potential 
technical support providers have adequate 
experience, you should document your 
company’s network, making a complete 
list of the hardware and software you use. 
You can then present this list to potential 
technical support providers so they know 
exactly what they are expected to main- 
tain. This list can also help protect you 
from unscrupulous technical support pro- 
viders who may try to convince you that 
you need unnecessary equipment or re- 
placement parts, assuming that you are 
not familiar with each component in your 
company’s network. 


Guarantee of Availability 

The speed with which your technical 
support provider responds to a service re- 
quest may determine whether or not your 
company’s network survives a system fail- 
ure. For example, if a technical support 
provider cannot guarantee at least same- 
day response, you must evaluate the impact 
on your company if its network is down for 
a day or two—or possibly even longer. 

In addition, you should find out wheth- 
er or not potential technical support 
providers maintain their own supply of 
replacement parts. If a technical support 
provider does not stock replacement parts 
for the hardware you use, you may find 
yourself at the mercy of manufacturers’ 


warehouses and shipping services in the 
event of a hardware failure. 


Single Point of Contact 

Having a single point of contact may 
not seem important when your company’s 
network is functioning properly. But when 
something goes wrong, you cannot under- 
estimate the value of being able to contact 
a technical support professional who is fa- 
miliar with your company’s network. 

A single point of contact is also useful 
if you are trying to juggle multiple projects 
simultaneously. In this case, your contact 
can act as a project manager, ensuring 
that each project is on track. 

In addition, a single point of contact 
provides you with a technical support pro- 
fessional who can evaluate all of the ser- 
vices you are receiving and determine 
whether or not you are satisfied with these 
services. Otherwise, you may receive un- 
satisfactory services because no one is 
coordinating these services. 


List of References 

Nothing beats references when you are 
trying to find reliable technical support. 
You should always request a list of refer- 
ences from each potential technical sup- 
port provider. This list should include con- 
tact information for several customers who 
are using or have used the same technical 
support provider and have received ser- 
vices similar to the ones you require. You 
should then contact these customers, en- 


suring that they have had a good experi- 
ence with the technical support provider. 

A reputable technical support provider 
should supply you with contact informa- 
tion both for customers who praise the 
provider and for customers who have ex- 
perienced problems. You can then deter- 
mine the technical support provider's 
strengths and weaknesses. 

You can also use references from other 
companies to track down potential tech- 
nical support providers. You may want to 
ask your company’s partners, suppliers, 
and customers whether or not they are 
happy with their technical support pro- 
vider. In addition, you can ask other net- 
work administrators, such as members of 
your local NetWare user group, if they 
have any recommendations. (To locate 
a NetWare user group in your area, visit 
the NetWare Connection web site at http:// 
www.nwconnection.com.) 


DOING YOUR PART 

After you choose a technical support 
provider, you should ask what the provider 
expects from you. For example, I do not 
accept a new customer without first per- 
forming a basic health check on the com- 
pany’s network. This health check allows 
me to conduct an inventory of the hard- 
ware, software, and services that are run- 
ning. I can also determine if all of the 
current patches and updates are installed. 

Based on what I find during the health 
check, I know if I should accept the job. If 
the network’s overall health is relatively 
good, | may accept the job because I do 
not have to spend an inordinate amount 
of time reconfiguring hardware and soft- 
ware and installing current patches and 
updates. If the network has significant 
problems, however, I may decide to reject 
the job because the extra work I am faced 
with may interfere with the time I must 
dedicate to my existing customers. 

A reputable technical support provider 
may have a similar selection process, 
which helps ensure that the provider can 
properly support every customer. Technical 
support providers who are willing to take 
on any and every customer may eventually 
end up spending all of their time and re- 
sources with the one customer whose 
network is in the worst shape, leaving 
little time for the remaining customers. 


CONCLUSION 
Managing your company’s network is 
only part of your job. You also have the 
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responsibility of finding reliable technical 
support—a process that requires you to do 
your homework. You must evaluate your 
company’s technical support requirements 
and determine what type of technical 
support your company needs. In addition, 
you must interview potential technical 
support providers, asking them a variety of 


witting victim in a technical support 
horror story. Instead, you may develop a 
successful technical support relationship 
that can serve your company well for 
many years to come. 

Mickey Applebaum has worked with 
NetWare for more than 14 years. Mickey 
provides technical support on the Internet for 


The Forums (http://theforums.com) and op- 
erates Proactive Team Solutions, a consulting 


firm located in Salt Lake City, Utah. @ 


questions and checking their references. 
If you complete these steps, you are far 
less likely to make your company the un- 
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to high-speed, full-duplex communications. 
With the simple addition of the BARR/SYNC 
adapter, you could double your server’s SDLC 
throughput—instantly. 

Few SNA gateways support the DATAMODE=FULL 
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Network Management Products 


Kimberly Jones 


If you are a network administrator, purchasing a solid network management product can 
make all of the difference between loving your job and contemplating a career change. You 


can’t go wrong with the third-party, software-based network management products featured 
in this article. These network management products save you a significant amount of time and 
effort, while enabling you to get the most out of your company’s NetWare network. (Novell 
also offers network management products that greatly simplify the management process. See 
“Network Management, Novell Style” on p. 44.) 


UNICENTER TNG 2.2 

Unicenter TNG 2.2 from Computer 
Associates International Inc. is a com- 
prehensive network management product 
for heterogeneous enterprise networks. 
Unicenter TNG 2.2 supports multiple 
protocols, such as TCP/IP, IPX/SPX, 
Systems Network Architecture (SNA), 
and DECnet. Unicenter TNG 2.2 also 
supports multiple server and workstation 
platforms, such as NetWare 5, NetWare 
4, NetWare 3, Windows NT, UNIX, 
AS/400, and mainframes. 

With Unicenter TNG 2.2, you can 
manage nearly every type of network op- 
eration, including storage, security, and 
software distribution. In addition, you can 
manage network resources, such as sys- 
tems, desktops, and applications. Unicen- 
ter TNG 2.2 includes the following fea- 
tures to help you take advantage of these 
management capabilities: 


© Real-World Interface. Unicenter TNG 
2.2 includes a real-world interface, which 
provides a 3-D graphical representation 
of the entire network. In addition to 
displaying network devices, this inter- 
face offers a real-time animated view of 
abstract objects, such as processes, data- 
bases, and print jobs. You can custom- 
ize this interface to represent your com- 
pany’s network. 

¢ Business Process Views. Unicenter 
TNG 2.2 includes business process 
views, which display information for 
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every component of a particular busi- 
ness process. These views allow you to 
manage entire business processes. For 
example, if your company’s accounting 
system is slow, you can view all of the 
components that are related to the per- 
formance of this system to identify the 
cause of the problem. 

© Management Agents. Unicenter TNG 
2.2 includes intelligent management 
agents, which monitor and report the 
events that occur on your company’s 
network. These agents also perform 
distributed storage and configuration 
management. You can deploy agents 
throughout your company’s network, 
and you can even deploy agents in an 
Internet or an intranet environment. 


You can purchase Unicenter TNG 
2.2 through retail channels beginning at 
the suggested retail price of U.S. $2,500. 
For more information about Unicenter 
TNG 2.2, visit Computer Associates’ 
web site (http://www.cai.com). You can 
also call 1-800-CALL-CAI or 1-516- 
DIAL-CAI. 


SYNCHRONICITY 2 FOR NETWARE 3 

Synchronicity 2 for NetWare 3 from 
NetVision Inc. simplifies the process of 
managing a mixed network that contains 
NetWare 5, NetWare 4, and NetWare 3 
servers. Synchronicity 2 for NetWare 3 
supports pure IP, pure IPX, and a combin- 
ation of both protocols. 


With Synchronicity 2 for NetWare 3, 
you can migrate all user and group ac- 
counts from the NetWare 3 bindery to 
the Novell Directory Services (NDS) 
database. Synchronicity 2 for NetWare 3 
even resolves naming conflicts that occur 
during the migration process. 

You can then manage these accounts 
through Novell’s NetWare Administrator 
(NWADMIN) utility by using the snap- 
in module that comes with Synchronicity 
2 for NetWare 3. The snap-in module 
allows you to expand each NetWare 3 
Server object in the NDS tree, displaying 
the user and group accounts that are lo- 
cated on that server. You can even create, 
modify, and delete user and group accounts 
without having to create an associated 
User or Group object in the NDS tree. 

After any change is made to a user 
or group account, Synchronicity 2 for 
NetWare 3 automatically detects and syn- 
chronizes this change between the NDS 
database and the NetWare 3 bindery. To 
minimize synchronization traffic, Synchron- 
icity 2 for NetWare 3 initiates the syn- 
chronization process only when changes 
occur. Synchronicity 2 for NetWare 3 
further minimizes synchronization traffic 
by transmitting only the user or group ac- 
count information that has been modified. 

You can purchase Synchronicity 2 for 
NetWare 3 at the suggested retail price of 
USS. $14 per user account by calling 1-801- 
764-0400, extension 4. You can also down- 
load the 30-day trial version from http:// 
www.netvision.com/download/download. 
html. For more information about Syn- 
chronicity 2 for NetWare 3, visit Net- 
Vision's web site (http://www.netvision. 


com). You can also call 1-801-764-0400. 


MANAGE EXEC 5.5 

Manage Exec 5.5 from Seagate Soft- 
ware automatically monitors more than a 
thousand events that occur on your com- 
pany’s network. For example, Manage 
Exec 5.5 monitors events on NetWare 5, 
NetWare 4, and NetWare 3 servers, such 
as events that are related to NetWare 
Loadable Modules (NLMs), SET param- 
eters, connections, open files, and login 
scripts. Manage Exec 5.5 also monitors 
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E=MC* (Education =Major Cash’ 


So you want to be one of the technologically elite—sought after, in demand, popular, cool, making the big bucks? 
Networking education may be your ticket to the top. Visit or call the Novell Authorized Education Center (NAEC) in your area. 


ARKANSAS 
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Little Rock, AR 72201 

(800) 880-2949 
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CALIFORNIA 


New Horizons Computer Learning 
Center of Sacramento 
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Sacramento, CA 95825 

(916) 641-8500 

Contact: Rodney Stanhope 
hetp://www.newhorizons.com 


New Horizons Computer Learning 
Center of San Diego 

7480 Miramar Rd. Building B, Suite 202 
San Diego, CA 92123 

(619) 558-5555 


http://www.nhsandiego.com 


New Horizons Computer Learning 
Center of San Francisco 

One Embarcadero Center, Suite 200 
San Francisco, CA 94111 

(925) 933-9955 x2846 

Contact: Kristin Sipley 

E-mail: ksipley@NHWalnutCreek.com 
hetp://www.newhorizons.com 


New Horizons Computer Learning 
Center of San Jose 

181 Metro Drive, Suite 550 

San Jose, CA 95110 

Contact: Kristin Sipley 

(925) 933-9955 x2846 

E-mail: ksipley@NHWalnutCreek.com 


http://vww.newhorizons.com 


New Horizons Computer Learning 
Center of Santa Ana 

1231 E. Dyer Road, Suite 140 
Santa Ana, CA 92705 

(714) 556-1220 

(310) 348-1144 


http://www.newhorizons.com 


New Horizons Computer Learning 
Center of Walnut Creek 

2185 N. California Blvd., Suite 300 
Walnut Creek, CA 94596 

(925) 933-9955 x2846 

Contact: Kristin Sipley 

E-mail: ksipley@NHWalnutCreek.com 


http://www-newhorizons.com 


COLORADO 


CCTI 

5500 Greenwood Plaza Blvd., Ste. 130 
Englewood, CO 80111 

(303) 741-2284 

Contact: Jolene Silbaugh 

E-mail: jsilbaugh@ccti.com 


CONNECTICUT 
IKON Technology Services 
Education Services Unit 
17 Britton Drive 
Bloomfield, CT 06002 
(860) 243-1000 
http://www. ikontechne.com 


NextAge Inc. 
401 Merritt 7 
Norwalk, CT 06851 
(800) 989-8989 
Contact: Cal York 


E-mail: sales@nextage.com 


FLORIDA 
New Horizons Computer 
Learning Center 
31 West Garden Street, Suite 200 
Pensacola, FL 32501 
(850) 434-3414 
Contact: Joyce Coburger 
E-mail: jcoburger@nhpens.com 


GEORGIA 
New Horizons Computer 
Learning Center 
4053 Lavista Road 
Atlanta, GA 30084 
(770) 270-2000 
Contact: Anne Hall 
http://www.newhorizons-atl.com 


IOWA 
Help Desk 
4110 NW 114th Street 
Des Moines, [A 50322 
(515) 276-3713 
Contact: Thomas J. Hollister 
hetp://www.hdesk.com 


KANSAS 
New Horizons Computer 
Learning Center 
6405 Metcalf Avenue, Suite 200 
Overland Park, KS 66210 
(913) 677-9933 
Contact: Chad Hawk 
E-mail: chawk@nhkc.com 
http://www.newhorizons.com 


LOUISIANA 
Louisiana State University 
143 Pleasant Hall 
Baton Rouge, LA 70803 
(225) 388-6325 
Contact: J. Kirsch 
E-mail: jkirsch@doce.lsu.edu 


New Horizons Computer Learning 
Center of Shreveport 

2924 Knight Street 

Shreveport, LA 71105 

(318) 869-4999 

Contact: Bill Grant 


E-mail: 75722.1217@Compuserve.com 


MASSACHUSETTS 
Boston University Corporate 
Education Center 
72 Tyng Road 
Tyngsboro, MA 01879 
(800) BU-TRAIN 
Contact: Tanya Lakos 
http://butrain.bu.edu 


New Horizons Computer Learning 
Center of Boston 

99 Summer Street, Suite 310 
Boston, MA 02110 

Contact: John Zesiger 

(781) 229-9565 

E-mail: jzesiger@nhboston.com 
hetp://www.nhboston.com 


New Horizons Computer Learning 
Center of Burlington 

5 Old Concord Road 

Burlington, MA 01803 

Contact: John Zesiger 

(781) 229-9565 

E-mail: jzesiger@nhboston.com 
hetp://www.nhboston.com 


New Horizons Computer Learning 
Center of Westborough 

2000 West Park Drive, 2nd Floor 
Westborough, MA 01581 

Contact: John Zesiger 

(781) 229-9565 

E-mail: jzesiger@nhboston.com 
http://www.nhboston.com 


New Horizons Computer Learning 
Center of Quincy 

300 Crown Colony 

Quincy, MA 02169 

Contact: John Zesiger 

(781) 229-9565 

E-mail: jzesiger@nhboston.com 
http://www.nhboston.com 


MINNESOTA 


Benchmark Computer Learning Inc. 
4510 West 77th Street, Suite 210 
Minneapolis, MN 55435 

(888) Benchmark 
hetp://www.benchmarklearning.com 


NEW JERSEY 


:Track On Technical 
Education Centers 

140 East Ridgewood Avenue 
Paramus, NJ 07652 

(201) 986-0900 

Contact: Valerie Mazza 
E-mail: ymazza@trackon.edu 


NEW YORK 


New Horizons Computer 
Learning Center 

60 Corporate Woods, Suite 300 
Rochester, NY 14623 

(716) 427-2200 

Contact: Kevin Farnsworth 
E-mail: nbrelos@nhrochester.com 


NORTH CAROLINA 


Alphanumeric Systems Inc. 
3801 Wake Forest Road 
Raleigh, NC 27609 
Contact: Sandy Cate 

(919) 781-7575 


hetp://www.alphanumeric.com 


OKLAHOMA 


Network Enterprise Technologies Inc. 
2448 East 81st Street, Suite 299 
Tulsa, OK 74137 

(918) 496-2244 

Contact: Mike Bycroft 

E-mail: mbycroft@tulsanet.com 


TEXAS 


C-TREC 

Computer Technology Research and 
Education Center 

1700 West Loop South, Suite 1100 
Houston, TX 77027 

(713) 871-8411 

Contact: Doug Waterman 
hetp://www.ctrec.com 


New Horizons Computer Learning 

Center of Austin 

4515 Seton Center Pkwy., Suite 250 

Austin, TX 78759 

Contact: Dan Tyler/Len Fetchko 

(512) 349-9555 

E-mail: dtyler@nhaustin.com or 
lfetchko@nhaustin.com 

hetp://www.newhorizons.com 


New Horizons Computer Learning 

Center of Dallas 

5151 Beltline Road, Suite 550 

Dallas, TX 75240 

Contact: Gil Wolchock/John Fowler 

(972) 490-5151 

E-mail: gwolchock@nhdallas.com or 
jfowler@nhdallas.com 

hetp://www.newhorizons.com 


New Horizons Computer Learning 

Center of Houston 

5555 San Felipe, Suite 1500 

Houston, TX 77056 

Contact: Paul Paske/Paul McAskill 

(713) 552-1414 

E-mail: ppaske@nhhouston.com or 
pmcaskill@nhhouston.com 

http://www.newhorizons.com 


SMU School of Engineering and 
Applied Science 

5236 Tennyson Parkway, Suite 200 
Plano, TX 75024 

Contact: Jim Smith 

(972) 473-3456 


hetp://www.seas.smu.edu/ce 


UTAH 


Knowledge Alliance 

341 South Main Street, Suite 406 
Salt Lake City, UT 84111 

(801) 322-2211 

Contact: Melinda Zito-Haase 
E-mail: mzito@kalliance.com 


For information 
about being 
included in the 
NAEC listing, 


please call Brian 
Smith at 1-801- 
465-4901. 


For more information visit http://www.nweconnection.com/naec 


Ss PRODUCT FOCUS 


Network Management, Novell Style 


Who knows NetWare better than Novell? If you are in the mar- 
ket for network management products, you may want to check out 


the following Novell products: 


* ManageWise 2.6. ManageWise 2.6 is a network monitoring 
and management tool that is fully integrated with Novell Di- 
rectory Services (NDS). ManageWise 2.6 offers network man- 
agement capabilities such as NetWare and Windows NT ser- 


and application management. With Z.E.N.works 1.1, you can 
create and manage policies and user profiles for Windows NT, 


98, and 95 workstations from a central location. You can cen- 
trally distribute, update, and manage applications on multiple 


workstations. You can also monitor the year-2000 compliance 
of every PC on your company’s network with Greenwich Mean 


ver management, NDS monitoring, network traffic analysis, 


network health reports, network inventory, virus protection, 
early-warning alarms, and desktop management for a variety 
of workstation platforms. (You can order a free, 90-day eval- 
uation copy of ManageWise 2.6 on CD-ROM at http://www. 
novell.com/products/managewise/eval.html.) 

¢ Zero Effort Networks (Z.E.N.works) 1.1. Z.E.N.works 1.1 is an 
NDS-enabled network management tool that focuses on desktop 


events on Windows NT servers, such as 
events related to memory, services, con- 
nections, open files, and event logs. In 
addition, Manage Exec 5.5 monitors appli- 
cations that use performance counters. 

Manage Exec 5.5 takes monitoring 
a step further by analyzing all of these 
events and generating detailed reports. 
Manage Exec 5.5 offers a range of report- 
ing capabilities, including trend analysis, 
statistical charting, and capacity plan- 
ning. These reporting capabilities pro- 
vide both real-time and historical infor- 
mation about all statistics monitored by 
Manage Exec 5.5. 

Manage Exec 5.5 also analyzes each 
server's behavior patterns and establishes 
performance baselines. Manage Exec 5.5 
automatically sets server-appropriate 
alert thresholds and priorities based on 
this analysis. As a server’s behavior pat- 
terns change over time, Manage Exec 
5.5 fine-tunes the alert thresholds and 
priorities accordingly. 

When a server crosses one of the alert 
thresholds, Manage Exec 5.5 alerts you to 
the problem via a pager message, an e-mail 
message, or a message sent to another 
Simple Network Management Protocol 
(SNMP) compliant network management 
system, such as Novell’s Manage Wise. In 
addition, you can view alerts and perform 
management tasks through a Windows 
NT management console. Manage Exec 
5.5 also includes a web-based management 
console that you can access from a stan- 
dard web browser. 

You can purchase Manage Exec 5.5 
through retail channels beginning at the 
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suggested retail price of U.S. $895 per 
server. For more information about Man- 
age Exec 5.5, visit Seagate Software’s 
web site (http://www.seagatesoftware. 
com). You can also call 1-800-327-2232 
or 1-407-531-7501. 


LANDECODER NETWORK 
MANAGEMENT SUITE 1.0 

LANdecoder Network Management 
Suite 1.0 from Triticom is a set of four in- 
tegrated products designed to cover all of 
the network management bases. LANde- 
coder Network Management Suite 1.0 
consists of the following products: 


¢ LANdecoder32. LANdecoder32 
monitors network operations and as- 
sesses network health. LANdecoder32 
also offers extensive troubleshooting 
capabilities. For example, LANdecod- 
er32 gathers and analyzes information 
that you can use to isolate networking 
problems. You can configure LANde- 
coder32 to display this information in 
real-time or to create a snapshot file 
that you can view later. You can also 
configure LANdecoder32 to generate 
traffic on the network, which may help 
you pinpoint exactly where a particular 
networking problem exists. 

e LANdecoder SNMP Manager. LAN- 
decoder SNMP Manager automatically 
locates and queries any network de- 
vice with an SNMP agent. LANde- 
coder SNMP Manager then gathers 
information about the performance 
and status of that device. You can 


access LANdecoder SNMP Manager 


Time’s Check 2000. (Z.E.N.works 1.1 includes five free licenses 
of Check 2000.) You can download the Z.E.N.works Starter Pack, 
which includes some of the basic components of Z.E.N.works, at 
http:/Awww.novell.com/download. 


Novell plans to release additional network management prod- 
ucts in the future. For example, Novell and Lucent Technologies 
have signed an agreement to develop NDS-enabled IP management 
solutions based on Lucent's QIP IP address management software. 

For more information about Novell’s network management 
products, visit Novell’s web site (http://www.novell.com). You can 
also call 1-800-NETWARE or 1-801-228-4272. © 


by simply clicking a button on the 
LANdecoder32 screen. 

¢ LANdecoder Health Reporter. LAN- 
decoder Health Reporter offers a GUI 
that allows you to view the snapshot 
files created by LANdecoder32. LAN- 
decoder Health Reporter converts 
these files into graphical charts, pro- 
viding trend analysis. 

¢ RMONster32. RMONSster32 is a re- 
mote network monitoring (RMON) 
agent that supports RMON I and 
RMON II Management Information 
Bases (MIBs). RMONster32 offers a 
remote interface to other management 
stations within your company’s net- 
work, enabling you to create a cohe- 
sive management system. 


You can purchase LANdecoder Net- 
work Management Suite 1.0 through 
retail channels beginning at the sug- 
gested retail price of U.S. $2,995. For 
more information about LANdecoder 
Network Management Suite 1.0, visit 
Triticom’s web site (http://www.triticom. 


com). You can also call 1-612-937-0772. 


CONCLUSION 

Few products can make your job easier 
than network management products. If the 
network management product you are cur- 
rently using does not provide a GUI with 
monitoring, analyzing, and reporting capa- 
bilities you can customize, you might want 
to shop around for a new solution. Your 
company’s network may depend on it. 

Kimberly Jones is a freelance writer and 
editor based in Chicago, Illinois. @ 


NUI 


NetWare. Users 
International 


NUI Leadership Summit 


Chip DiComo 


f n many ways, NetWare Users Interna- 
tional (NUI) functions as a network: 
NUI brings together network engineers, 
network administrators, and users, en- 
abling them to share ideas about how 
to make a network run more smoothly. 
And just like a computer network, the 
NUI network needs some performance 
tuning every now and then. So every 
year, NetWare user group presidents and 
delegates from around the world attend 
the NUI Leadership Summit to receive 
leadership training, discuss ways to im- 
prove NetWare user groups, and receive 
the latest product and technical infor- 
mation from Novell. 

This year, 151 NUI representatives 
converged in Salt Lake City, Utah on 
March 20-21 to attend the fourth an- 
nual NUI Leadership Summit. 


SEMINARS AND WORKSHOPS 

On the first day of the summit, NUI 
representatives participated in Franklin- 
Covey training, which focuses on Ste- 
phen R. Covey’s book, The 7 Habits of 
Highly Effective People. “The training was 
great,” says Ray Osburn of the Utah Val- 
ley NetWare user group. “Even though 
the information [I] learned can’t increase 
the amount of time in my day, it will 
help me balance my time better between 
work, [NetWare] user group activities, 
and my family.” 

Later that day, Dr. Eric Schmidt, 
Novell Chairman of the Board and CEO, 
addressed the NUI representatives. In his 
remarks, Schmidt reconfirmed Novell’s 
commitment to its most loyal user base— 
NUI members. He gave a brief overview of 
the progress Novell has made in the past 
year and commented on future products 
and the direction of the company. Schmidt 
also answered questions and asked for sug- 
gestions from the NUI representatives. 


On the second day of the summit, NUI 
representatives attended workshops on 
topics such as group management, mem- 
bership recruitment, and educational pro- 
grams. “This education is critical for all of 
us,” says Esther Fleming of the South Flor- 
ida NetWare user group. “Each president 
shares what works best for his or her group. 
Every year, I learn several new ideas to 
take back to Miami.” 


ONE STOP SHOPPING 

For the first time, the NUI Leadership 
Summit was held in conjunction with 
Novell’s BrainShare technical confer- 
ence. As a result, NUI representatives 
who could take the extra time out of 
their work schedules were able to enjoy 
all of the benefits of Novell’s premier 
technical conference. (For more informa- 
tion about BrainShare ’99, visit http:// 
www.novell.com/events/brainshare. ) 

For many NUI representatives, the 
opportunity to attend both the NUI Lea- 
dership Summit and BrainShare 99 made 
the week spent in Utah even more val- 
uable. According to Stephen Walker of 
the Chattanooga, Tennessee NetWare 
user group, “BrainShare ’99 was amazing. 
I received so many technical updates. | 
could present this material to my group 
over the next several meetings and still 
have material left over.” 


WELL WORTH THE EFFORT 

NUI representatives left the NUI 
Leadership Summit with tools to build 
stronger NetWare user groups and with a 
better appreciation and understanding of 
Novell’s products. As Dan Long, presi- 
dent of the Naples, Florida NetWare user 
group, explains, “The Summit gives me a 
chance to recharge, get some new ideas, 
and go back to my group full of energy for 
another year of activities. Sometimes, | 


don’t know how we do it,” he admits. 
“These groups take a lot of effort, on top 
of doing our regular jobs, but the profes- 
sional network we build is well worth the 
effort it takes.” 

If you are interested in joining a Net- 
Ware user group, now is a great time to 
become a member. To locate the NetWare 
user group nearest you, visit NUI’s web site 
at http://www.novell.com/nui. 

Chip DiComo is a board member of NUI, 
North America (NUI, NA). @ 


Novell's ManageWise v2.1 - v2.6 


PageManager: Forward alarms to pagers, 
e-mail addresses, and/or mobile phones: 


*» MAJOR PAGERS AND MOBLE PHONES SUPPORTED 
» EMAIL SUPPORT USING SMTP. 

= SPECIFIC ALARM & SERVER MONITORING 

= PERSONNEL SCHEDULING 

= REPORT GENERATING & EXPORTING DATA 

= DUPLICATE ALARM FILTERING 

* CUSTOM ALARMS CREATION 


WinMan: Screen manager for ManageWise, 
save screens into a profile that can be reloaded 
with just a click of the mouse: 


= TAILOR SCREENS FOR SPECIFIC TASKS 
* RESTORE SCREEN SIZE AND POSITION 
*» AUTOLOAD SCREENS AS MANAGEWISE LOADS 


Alarm Vocalizer: Verbally spoken alarms: 


* OVER 700 WORD DATABASE 
=» ALARM RECORDER 
= USE CUSTOM SOUND FILES 


Node Sound Manager: Manage sound files: 
= ASSIGN CUSTOM SOUNDS TO SERVERS 


Atlantis Software 
34740 Blackstone Way, Fremont, Ca. 94555 
510-796-2180 fax: 510-796-8476 email: asinfo@atlantissoftware.com| 
Try our 30-day evaluations from our website: 


For more information, visit 
http://advertise.nwconnection.com. 


Novell. 


Digitalme 


At BrainShare ’99 in Salt Lake City, Novell announced its 
new digitalme initiative. Digitalme is Novell’s solution to man- 
aging personal information, or digital identity, on the Internet. 
Digitalme leverages Novell Directory Services (NDS) to en- 
able you to control and protect the distribution of personal in- 
formation on the Internet. 

Digitalme features a flexible software architecture that allows 
you to create, personalize, and manage meCards, virtual cards that 
provide information about your digital identity. You can designate 
which information located on your meCard is public or private, 
and you can then use your meCard to automatically sign on to 
web sites that require registration. For example, you can create a 
meCard that automatically completes identification forms on the 
Internet. When you try to access a web site that requires an iden- 
tification form, digitalme’s personal proxy system intercepts and 
completes the form and provides the completed form for your 
review. The next time you access the site, digitalme automati- 
cally handles the sign-in process. 

Digitalme also improves privacy awareness by generating a log 
that identifies which sites have received your meCard informa- 
tion. The digitalme suite of services also supports instant chat fea- 
tures, messaging services, and document sharing capabilities. 

Novell plans to offer digitalme free over the Internet in open 
source format within six months. For more information about 
Novell’s digitalme initiative, see the article by Dr. Eric Schmidt, 
Novell chairman of the board and CEO, in the BrainShare ’99 
Conference Daily. You can download this article from http:// 
www.nwconnection.com/brainshare/showdaily/mon_index.html. 
You can also watch for new information about digitalme on the 
digitalme web site (http://www.digitalme.com). 


cae | ae ri seeps 


Novell recently announced that NetWare for SAA 4, a LAN- 
to-host connectivity solution, is now available. NetWare for SAA 
4, developed jointly by Novell and IBM Corp., enables you to in- 
tegrate NetWare networks, company intranets, and Internet ap- 


plications with IBM mainframe computers and AS/400 systems. 
NetWare for SAA 4 is fully integrated with NDS, allowing you to 


manage the NetWare for SAA 4 gateways from a central location. 


NetWare for SAA 4 is also integrated with NetWare 5 and 
provides TCP/IP support, including gateway services such as load 
balancing and rollover support for AS/400 systems. In addition, 
NetWare for SAA 4 offers enhanced support for IBM’s Systems 
Network Architecture (SNA) protocol, thereby providing high- 
performance routing (HPR) over TCP/IP. The result is faster and 
more reliable access to IBM host resources. NetWare for SAA 4 
offers Secure Sockets Layer 3.0 (SSL) encryption, ensuring secure 
communication over the Internet and corporate intranets. 

In addition to these features, NetWare for SAA 4 includes 
trial versions of the following products: 


¢ IBM’s Host On-Demand, a Java application that ensures 
secure browser access to host data and applications 
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© Novell’s NetWare HostPublisher, server-based software that per- 
mits authorized users to access applications and data on IBM 
mainframes via corporate intranets, extranets, or the Internet 

¢ IBM’s Personal Communications 4.3, which provides Win- 
dows NT, 98, and 95 desktops with access to IBM mainframe 
and AS/400 applications 


You can purchase NetWare for SAA 4 from any Novell au- 
thorized reseller. For more information about NetWare for SAA 
4, call 1-888-321-4272 or 1-801-228-4272, or visit Novell’s web 


site at http://www.novell.com/products/host. 


Novell Internet Caching System 


Novell recently unveiled Novell Internet Caching System, 
a scalable, plug-and-accelerate caching appliance architecture. 
Novell Internet Caching System dramatically speeds up the trans- 
mission of information on intranets, extranets, and the Inter- 
net. In addition, Novell Internet Caching System increases the 
capacity of any web server ten-fold. 

Novell Internet Caching System allows you to implement a 
single caching solution in a mixed network environment. No- 
vell Internet Caching System also provides an open-standards, 
Intel-based architecture that leverages your company’s existing 
network infrastructure and reduces overall bandwidth consump- 
tion. In addition, Novell Internet Caching System offers ad- 
vanced capabilities such as native and Layer 4 switch trans- 
parent proxy. 

Novell Internet Caching System includes a high performance, 
scalable Cache Object Store with fault tolerance capabilities such 
as disk cloning, disk mirroring, and cache clustering. You can in- 
stall Novell Internet Caching System on Cisco, UNIX, Windows 
NT, NetWare, or other switch and router environments in fewer 
than 10 minutes. Novell Internet Caching System is easy to man- 
age from any location using standard management interfaces such 
as Telnet, FTP, web browser, and serial connection interfaces. 
Novell Internet Caching System also supports Simple Network 
Management Protocol (SNMP). 

Novell Internet Caching System provides URL filtering and 
blocking as well as browser-based monitoring and logging of 
usage statistics. Novell Internet Caching System also allows 
you to perform over-the-wire upgrades. 

Novell Internet Caching System licenses are available through 
Novell’s Original Equipment Manufacturers (OEMs) that base 
their products on Intel architecture. For more information: about 
Novell Internet Caching System, visit Novell’s web site at http:// 
www.novell.com/products/nics. 


Novell Cluster Services = 
NetWare 5 Open Beta 


Novell recently announced that the open beta version of 
Novell Cluster Services for NetWare 5 is now available. 
Novell Cluster Services for NetWare 5 is a multinode clus- 


tering solution that leverages NDS and 
Novell’s ConsoleOne Java management 
tool to simplify the administration of 
clustered resources within a network. 
Novell Cluster Services for NetWare 5 
greatly increases the availability of web 
and Internet application servers for e- 
business storefronts and other transaction- 
oriented industries. 

Novell Cluster Services for NetWare 
5 uses shared disk array technology to 
eliminate the downtime that results from 
hardware or software failures. This tech- 
nology ensures that if a clustered server 
fails, applications and users running on 
that server are transparently migrated to 
another server in the cluster. 

Novell Cluster Services for NetWare 5 
provides application fan-out: Application 
fan-out allows you to redistribute any ap- 
plications that reside on a failed server to 
other servers in the cluster. In addition, 
Novell Cluster Services for NetWare 5 
provides application fan-in, allowing you 
to consolidate applications from multi- 
ple failed servers to surviving servers in 
the cluster. 

Novell Cluster Services for NetWare 
5 also provides automatic reconnect fea- 
tures, which enable transparent migration 
of IP-based clients from failed servers to 
surviving servers in the cluster. 

You can download the open beta 
version of Novell Cluster Services for 
NetWare 5 at http://support.novell.com/ 
beta/public. For more information, call 
1-888-321-4272 or 1-801-228-4272, or 
visit Novell’s web site at http://www. 
novell.com/products/clusters. 


Are a. - are ae — 


Novell has announced two new 
NetWare products, code-named 6 Pack 
and Modesto, that will provide next- 
generation, web-based networking ser- 
vices in the near future. 

6 Pack, which builds upon the features 
of NetWare 5, will provide enhanced net- 
work performance, scalability, and man- 
agement capabilities by enabling all of 
NetWare’s core networking services to 
take advantage of multi-processors. 6 Pack 
will also incorporate NDS 8, which en- 
ables companies to manage millions of ob- 
jects reliably and securely on one server. 


Modesto is Novell’s 64-bit server oper- 
ating system that is designed to run on In- 
tel’s upcoming IA-64 processor family, be- 
ginning with the Merced processor. Novell 
will be the first vendor in the computer in- 
dustry to demonstrate an application and 
64-bit server operating system on a Mer- 
ced software development environment. 

Novell and Intel are working toward 
a simultaneous release of Modesto and 
the Merced processor during mid-2000. 


rv aaeiy =e Saeed 


Novell and Apex Global Internet Ser- 
vices (AGIS), a global multimedia and 
data communications company, recently 
announced a partnership to develop dir- 
ectory-enabled Internet services for enter- 
prise networks. These services will enable 
companies to receive secure, reliable, and 
rapid data service from a single source, 
such as a local exchange carrier or an 


Novell. 


Internet service provider (ISP). As the 
first step towards delivering these servic- 
es, AGIS will soon release a managed 
Virtual Private Networking (VPN) solu- 
tion, which bundles NDS and Novell’s 
BorderManager VPN Services 3. 

Because this managed VPN solution is 
based on NDS, you can manage and co- 
ordinate user information, company poli- 
cies, network configuration specifications, 
and network addresses through a single, 
distributed directory. 

NDS also provides a single data source. 
In addition, NDS allows you to assign a 
single username and password to users. 
As a result, remote users, telecommuters, 
and roaming users have secure access to 
your company’s network regardless of 
their location. 

To read the press release announcing 
the managed VPN solution, visit AGIS’s 
web site at http://www.agis.net. You can 
also call 1-800-380-AGIS or 1-313- 
730-1130. @ 


For more information, visit http://advertise.nwconnection.com. 


Connection 


Get With the Program 


Matthew Jones 


Pl ow that the Internet provides everything from stock quotes 
to weather forecasts, it’s easy to forget that one of the ori- 
ginal purposes of the Internet was to serve as an open forum for 
programmers. By visiting the web sites featured in this article, you 
can find a range of programming information, whether you are a 
novice or an experienced programmer. You can then check out 
this month’s network resources, which offer support for NetWare 
developers. You can also take a look at this month’s games, 
and you can read about the new products I have found. (See 
“Product Snapshots.”) 


WEB SITES 

If you are looking for programming utilities, Programmers’ 
Heaven (http://www.programmersheaven.com) is the web site for 
you. At Programmers’ Heaven, you can download hundreds of 
shareware and freeware programming utilities for several program- 
ming languages, such as C++, Visual Basic, and Java. You can also 
download programming utilities that allow you to create games or 
to add sound capabilities to the software you are developing. In 
addition, you can access even more programming resources by 
purchasing a set of two CD-ROMs. These CD-ROMs contain 
more than 12,000 programming utilities, source codes, compo- 
nents, routines, help files, and examples. 

WebKnowHow.net (http://www.webknowhow.net) provides 
programming resources for developers who want to write web- 
based software or to incorporate web-based features into other 
types of software. For example, you can download programming 
utilities and tools, including Common Gateway Interface (CGI) 
scripts and Java applets. You can even access programming tutor- 
ials, such as tutorials about optimizing graphics and creating on- 
line databases. You can also read programming articles, such as 
articles about using Server Side Include (SSI) commands and 
integrating effective designs with HTML codes. 

If you still have programming questions after you check out 
these resources, you can submit your questions through Inquiry. 
com (http://www.inquiry.com). Inquiry.com offers free forums that 
are monitored by professional developers who can answer your 
questions about application, database, and web development. 
These forums allow you to submit programming questions about 
various platforms, including Windows, Informix, and Java. You can 
read descriptions and reviews of more than 5,000 programming 
utilities. You can also find information about upcoming developer- 
related events, and you can browse developer-related job listings. 


NETWORK RESOURCES 

If you haven’t visited Novell’s DeveloperNet (http://developer. 
novell.com) lately, what are you waiting for? DeveloperNet is an 
essential web site for anyone who is interested in developing soft- 
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ware that works with Novell products. You can download free 
development tools, such as the Novell Developer Kit, which in- 
cludes components to help you develop software that works with 
a particular Novell product, such as NetWare, Novell Directory 
Services (NDS), BorderManager, or GroupWise. To minimize 
download time, you can download only the pieces of the Novell 
Developer Kit that you need. 

You can also read the latest issues of Novell’s DeveloperNotes 
and AppNotes online, and you can access an archive of back is- 
sues. In addition, you can view a complete list of products that 
have earned Novell’s Yes, Tested and Approved certification, and 
you can find out how to submit your own software for testing and 
certification. You can even find out how Novell is helping devel- 
opers market their products, and you can view a calendar of up- 
coming developer events. 


STANDALONE GAME OF THE MONTH 

RollerCoaster Tycoon from Hasbro Interactive is a simulation 
game that allows you to design and manage a virtual amusement 
park. First, you must lay paths, garbage cans, and benches. You 
must also build rest rooms, and you must provide places for guests 
to buy something to eat and drink. Depending on the terrain, you 
might even have to remove trees and to raise or lower land. 

The next step is to build some rides. You have many rides to 
choose from, including a Ferris wheel, a haunted house, and a log 
flume. Of course, the centerpiece of RollerCoaster Tycoon is the 
advanced construction engine that allows you to create a variety 
of roller coasters. You can create an ordinary wooden or steel 
roller coaster, or you can create more complicated roller coasters, 
such as bobsled, corkscrew, and suspended roller coasters. You can 
use a preexisting design, or you can design your own roller coaster, 
creating as many twists, turns, and drops as you want. 

The success of your amusement park is determined by how 
many guests you have at the end of the game. To attract guests, 
you must specify a reasonable admission fee, and you must create 
a pleasant atmosphere by hiring entertainers, handymen, and 
security guards. You can also initiate several types of marketing 
campaigns, including advertisements and vouchers for half-price 
tickets. You can also dedicate money to research and develop- 
ment, enabling the invention of state-of-the-art rides. 

RollerCoaster Tycoon supports Windows 98 and 95. You 
can purchase RollerCoaster Tycoon through retail channels at 
the suggested retail price of U.S. $39.95, and you can down- 
load a demo version from http://www.rollercoastertycoon. 
com/test. (You can also download additional rides from this 
web site.) For more information, visit the official RollerCoaster 
Tycoon web site (http://www.rollercoastertycoon.com). You 


can also call 1-800-400-1352. 


Product Snapshots 


When | am surfing the Internet, | often find new and interesting 
products. Product Snapshots gives you an overview of the most use- 
ful products | have found during the last month. (Please note that 
these are first-look reviews.) 


NORTON GHOST FOR NETWARE 

Norton Ghost for NetWare from Symantec Corp. is a software 
product that allows you to duplicate entire NetWare volumes, 
NetWare partitions, or hard drives for any NetWare 5, 4.x, or 3 ser- 
ver. This capability simplifies the process of upgrading hard drives or 
migrating data from one server to another. In addition, this capa- 
bility allows you to create a complete backup quickly and easily. 

Norton Ghost for NetWare creates an image file that contains 
all volume, partition, or hard drive information. Norton Ghost for 
NetWare then copies the image file from the source hard drive to 
the target hard drive, without requiring you to install NetWare on 
the target hard drive. The source and the target hard drive can be 
located in the same server, or they can be located in different ser- 
vers that are connected via a network running TCP/IP 

You can also copy image files to removable storage media, such 
as Zip disks, Jaz disks, or CD-ROMs. You can even split a single 
image file across multiple disks or CD-ROMs. In addition, you can 
copy image files to and load them from backup tapes. 

One of the best features of Norton Ghost for NetWare is that 
the source and the target hard drive do not have to be the same 
size. Another useful feature is that only the necessary volume, parti- 
tion, or hard drive information is saved to an image file. As a result, 
Norton Ghost for NetWare does not copy the volume, partition, or 
hard drive information on a sector-by-sector basis, which requires 
a lot of time and space. 

Norton Ghost for NetWare is scheduled for release sometime 
this quarter. You can download a beta version from http://www. 
ghost4nw.com/evaluation. Symantec has established pricing for 
Norton Ghost for NetWare but has not yet released pricing infor- 
mation. You can get information about pricing and additional 
product information by calling Symantec at 1-800-745-6054 or 
1-541-334-6054. You can also visit the Norton Ghost for NetWare 
web site (http:/Awww.ghost4nw.com) for more information. 


NETWORK GAME OF THE MONTH 


bee $ Connection 


DS EXPERT 2.7 

DS Expert 2.7 from NetPro Computing Inc. is a software prod- 
uct that allows you to monitor the status of your company’s Novell 
Directory Services (NDS) tree. DS Expert 2.7 provides a graphical 
view of your company’s NDS tree, enabling you to quickly ascertain 
the health of the NDS database. If DS Expert 2.7 detects any prob- 
lems with the NDS database, including synchronization errors, you 
can troubleshoot these problems from a central location. 

DS Expert 2.7 consists of three components that work together 
to gather and analyze NDS information: 


¢ DS Expert Agent. The DS Expert agent is a NetWare Loadable 
Module (NLM) that runs on each server with an NDS partition. 
The DS Expert agent running on each server collects data about 
that server’s partition and sends an alert to the Windows client if 
the partition has any problems. 

Tree Monitor. The Tree Monitor is an NLM that runs on a single 
server, gathering data from all of the DS Expert agents and using 
this data to analyze the status of the NDS database. 

Windows Client. The Windows client runs on a single Windows 
98, 95, or 3.x workstation. The Windows client provides a cen- 
tralized management interface, displaying a graphical view that 
shows the real-time status of the NDS database. You can view 
detailed information about servers, partitions, and replicas in the 
NDS tree, including alerts generated by the DS Expert agents. You 
can also view statistics about the NDS database. For example, you 
can view the average number of NDS transactions that have oc- 
curred on a particular server during a specific length of time. 


You can use DS Expert 2.7 alone or in conjunction with Novell’s 
ManageWise via Simple Network Management Protocol (SNMP). 
DS Expert 2.7 also offers Management Information Base (MIB) 
support for other SNMP-based management products, such as 
IBM’s NetView and Hewlett-Packard’s OpenView. 

DS Expert 2.7 supports NetWare 5 and 4.x. You can purchase 
DS Expert 2.7 through retail channels at the suggested retail price of 
U.S. $12 per User object. You can request a free evaluation copy at 
http://www.netpro.com/survey/novellwiz2.asp. For more information, 
visit NetPro Computing’s web site (http:/Avww.netpro.com) or call 
1-800-998-5090 or 1-602-941-3600. @ 


X-Wing Alliance from LucasArts En- 
tertainment Co. is the latest action game 
based on the Star Wars movies. If you can’t 
wait to see the next Star Wars movie open- 
ing later this month, playing X-Wing Al- 
liance may just tide you over until then. 

As the game begins, you assume the 
role of a member of the Azzammen fam- 
ily, the owners of a thriving shipping 
business. You and your family are drawn 
into a conflict between the Empire and 
the Alliance, and you choose to fight 
with the Alliance. You then participate 
in battles while helping your family with 
their shipping business. For example, 
you fight in the historic Battle of Endor 


against the Death Star, and you spy on 
your family’s main competition, the 
Veraxo family. You also fly rescue and 
smuggling missions in the heat of battle. 

In the course of these missions, you 
fly several types of starships, such as the 
Millennium Falcon, an X-Wing fighter, 
and a Corellian transport ship. Each star- 
ship features a 3-D cockpit, which pro- 
vides a 360-degree view inside and out- 
side the starship. A 3-D hangar serves as 
your base of operations. Because X-Wing 
Alliance supports a screen resolution of 
up to 1600 x 1200, the 3-D graphics are 
clear and realistic. 

You can play X-Wing Alliance with 
one other person over a modem or a 


serial connection. You can also play with 
up to three other people over an Internet 
connection or with up to seven other 
people over a network connection. 

X-Wing Alliance supports Windows 
98 and 95 and is available through retail 
channels at the suggested retail price of 
U.S. $49.95. You can download a demo 
version from http://www.lucasarts.com/ 
products/alliance. For more information, 
visit the LucasArts web site (http://www. 
lucasarts.com). You can also call 1-888- 
LEC-GAMES or 1-415-507-4545. 

Matthew Jones is a manager in the e-com- 
merce practice group of Waterstone Consult- 
ing, a business consulting and systems integra- 
tion firm located in Chicago, Illinois. @ 
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Novell's CNA Study 
Guide for NetWare 5 


David James Clarke, IV 
882 pp. Item# 45426 
Weight: 4 Ibs. 

Retail Price: $74.99 
Our Price: $56.24 


CNA NevWare 5 
ig 


This study guide details the latest course ob- 
jectives from Novell Education's Course 560, 
NetWare 5 Administration. Also features a 
CNA Career Guide and practice test questions 
on CD-ROM. 


Novell's GroupWise 5.5 
User's Handbook 


Shawn B. Rogers and 
Richard H. McTague 
263 pp. Item# 45523 
Weight: 2 Ibs. 

Retail Price: $24.99 
Our Price: $18.74 


GroupWise 5.5 
User's Handbook 


Novell’s Guide to 
BorderManager 


J.D. Marymee and 
Sandy Stevens 

350 pp. Item# 4540X 
Weight: 2 Ibs. 

Retail Price: $49.99 
Our Price: $37.49 


Novell’s GroupWise 5 
Administrator's Guide 


Shawn B. Rogers and 
Richard H. McTague 
704 pp. Item# 45213 
Weight: 3 Ibs. 

Retail Price: $44.99 
Our Price: $33.74 


Novell’s Guide to Resolving 
Critical Server Issues 


Richard Jensen and 
Brad W. Dayley 

684 pp. Item# 45507 
Weight: 3 Ibs. 

Retail Price: $59.99 
Our Price: $44.99 


NetWare Connection Bookstore 


25% or More Off Retail Prices 


Novell's Guide to 
NetWare 5 and TCP/IP 


Drew Heywood 

780 pp. Item# 45647 
Weight: 3 Ibs. 

Retail Price: $49.99 
Our Price: $37.49 


This guide tells you how to implement a pure IP 
network, configure TCP/IP on different NetWare 
Clients, internetwork NetWare 5 clients, manage 
DNS servers, set up an FTP server, build a web 
server, and more. 


Novell's CNE Update to 
NetWare 5 Study Guide 


David James Clarke, IV 
742 pp. Item# 45590 
Weight: 3 Ibs. 

Retail Price: $49.99 
Our Price: $37.49 


Novell’s Guide to Creating 
IntraNetWare Intranets 
Karanjit Siyan 

777 pp. Item# 45310 

Weight: 3 Ibs. 

Retail Price: $39.99 

Our Price: $29.99 


Intranet Ware 
{nmanets 


Network Security in a 
Mixed Environment 


Dan Blacharski 

403 pp. Item# 31522 
Weight: 2 Ibs. 

Retail Price: $39.99 
Our Price: $29.99 


Novell’s Guide to NetWare 
for Small Business 4.11 


Eric Harper and David L. Gardner 
408 pp. Item# 45043 

Weight: 2 lbs. 

Retail Price: $34.99 

Our Price: $26.24 


Novell's Guide to 
NetWare 5 Networks 


Jeffrey F. Hughes and 
Blair W. Thomas 
1555 pp. Item# 45442 
Weight: 6 Ibs. 

Retail Price: $74.99 
Our Price: $56.24 


Novell’s Guide to 


This comprehensive guide will teach you how 
to install and upgrade NetWare 5 servers, de- 

sign and implement pure IP, design and im- 

plement an effective NDS tree, upgrade your 
network from IPX to IP, and more. 


Novell's NetWare 5 
Administrator's Handbook 


Kelley J.P. Lindberg 
598 pp. Item# 45469 
Weight: 3 Ibs. 

Retail Price: $39.99 
Our Price: $29.99 


TCP/IP TCP/IP Administration 


Administration 

Craig Zacker 

630 pp. Item# 31581 
Weight: 3 Ibs. 

Retail Price: $49.99 
Our Price: $37.49 


Novell’s GroupWise 5 
User’s Handbook 


Shawn B. Rogers and 
Richard H. McTague 
260 pp. Item# 45094 


Novels 
GroupWise 5 
User's Handbook 


Weight: 2 Ibs. 
Retail Price: $24.99 
Our Price: $18.74 


Novell’s Guide to LANAWAN 
Analysis: IPX/SPX 

Laura A. Chappell 

874 pp. Item# 45086 
Weight: 4 Ibs. 


Retail Price: $59.99 
Our Price: $41.99 


@ 


Novell's NDS 
Developer's Guide 


NDS éiwe™"™ 


Andrew, et al. 

712 pp. Item# 45574 
Weight: 3 Ibs. 

Retail Price: $59.99 
Our Price: $44.99 


This book demonstrates how to write net- 
work-aware applications for NDS. This guide 
is for programmers working in CORBA, Ac- 
tiveX, C, Visual Basic, Delphi, Java, and 
more. Includes bonus CD-ROM. 


Novell's GroupWise 5.5 
Administrator's Guide 


Shawn B. Rogers and 
Richard H. McTague 
736 pp. Item# 45566 
Weight: 3 Ibs. 

Retail Price: $44.99 
Our Price: $33.74 


GroupWi 
Administr 


NDS for NT 


Jeffrey F. Hughes and 
Blair W. Thomas 

432 pp. Item# 45515 
Weight: 3 Ibs. 

Retail Price: $39.99 
Our Price: $29.99 


Novell’s Guide to Integrating 
intraNetWare and NT 

J.D. Marymee and 

Sandy Stevens 

529 pp. Item# 4523X 

Weight: 3 Ibs. 

Retail Price: $44.99 

Our Price: $33.74 


Novell’s Guide to 
Networking Hardware 


Kevin Shafer 


1358 pp. Item# 45531 
Weight: 6 lbs. 

Retail Price: $69.99 
Our Price: $48.99 


Novell Advanced Technical Training Videos by Novell Technical Support Services 


VIDEO BLOWOUT SALE! 


Title 


Weight: 1Lb. Each 


Item# Title 


Retail Price: $59.95 Our Price: $35.99 


Weight: 1 Lb. Each 


LAN WorkPlace (LWP) 5.0 and the Internet 
NetWare NFS Services 2.1 

Supporting NetWare Mobile 

NetWare 4.11 Server Updates 


0214 
0218 
0219 
0255 


Novell Directory Services Health Check/Maintenance 
Integrating Windows NT into an intraNetWare Environment 
intraNetWare Client for Windows NT 

GroupWise and the Internet 


*Prices are in U.S. dollars and are subject to change. 


http://bookstore.nwconnection.com 


NetWare Connection Bookstore 


Online Shopping Cart 


The NetWare Connection Bookstore just got better. You 
already know that the NetWare Connection Bookstore 
offers great deals on the latest networking books from 
Novell Press, and you can conveniently order these books 
online at http://bookstore.nwconnection.com. With the 
new NetWare Connection shopping cart, ordering online 
is easier than ever before. 


3 WAYS TO ORDER: 


Shop online at 
http://bookstore.nwconnection.com 


Qty. Item # Product 
Total Weight UPS Ground UPS 2-Day 
1-3 Ibs. Add U.S. $5.50 or U.S. $11.50 
4-6 lbs. Add U.S. $6.50 or U.S. $13.50 
7-9 Ibs. Add U.S. $8.50 or U.S. $17.50 
10-12 lbs. Add U.S. $10.50 or U.S. $21.50 
13-15 Ibs. Add U.S. $12.50 or U.S. $25.50 
16-18 lbs. Add U.S. $14.50 or U.S. $28.50 
19-30 Ibs. Add U.S. $16.50 or U.S. $41.50 
31-40 Ibs. Add U.S. $18.50 or U.S. $62.00 


“If you live outside the continental U.S., shipping charges 
vary; you will be charged accordingly. 


2.) Fax form to 1-801-465-4755 


Order Form 


The new shopping cart is faster and provides more in- 
formation about your order. For example, for orders that 
ship in the continental U.S. you can see the shipping 
charges before you check out. In addition, after you place 
your order, you will get an e-mail message confirming that 
your order has been received. 

Check out the new NetWare Connection shopping cart 
at http://bookstore.nwconnection.com. You can e-mail your 
questions or comments to bookstore@nwconnection.com. 


Mail to Order Entry, NetWare Connection, 
PO Box 19007, Provo, UT 84605-9007 


Lbs. Total Lbs. Our Price Total 
Subtotal $ 
UT residents add 6.25% sales tax $ 
Total weight Ibs. 
Shipping charges (See box to left for charges.) $ 
Total $ 


NOTE: Most orders ship within 24 hours. However, upgrading to UPS 2-day does not guarantee 
that you will receive your order in 2 days. Please allow 1-3 working days for your order to be 
processed and 2 days for it to be shipped. (Allow up to 4 weeks for items that are out of stock.) 


Make all checks payable to NWC Bookstore. 
Personal check orders are subject to a 10-day processing period. 


Ship To: 

Name Company Name 

Shipping Address 

City. State/Province ZIP/Postal Code 
Country Phone. Fax 


Visa (1 MasterCard 


Payment Info (check one): 
Cardholder Name 


L) American Express 


Discover 


Card # 
Authorized Signature 


MAY99 


Exp. Date 


CONNECTION 


NETWARE 


Order online at http://bookstore.nwconnection.com 
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ADVERTISING AREAS | 


Deliver your message to the major players in 
the networking industry—network administrators, 
IS managers, network consultants, and systems 
integrators. Advertise in NetWare Connection! 


Contact one of our sales managers today: 


AREA 1 
Kaye Young Tel: 1-909-338-0050 
Fax: 1-909-338-0371 

AREA 2 


Steve Sansevere Tel: 1-201-814-1505 ei : 
Fax: 1-201-814-0707 Se a 
AREA 3 nn 


& 


fread ts 
Brian Smith Tel: 1-801-465-4901 se 
Fax: 1-801-465-4755 iy Ao 
AREA 4 ae 


Steve Branda Tel: 1-201-814-0500 
Fax: 1-201-814-0707 
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Try Our 
Proven I.T. 


Certification; 


Training... 


Discover the fastest and easiest way to prepare for I.T. 
certification. Our computer-based training courses provide 
a learning environment that surpasses traditional classroom 
and video courses. To prove it, we're offering a free demo 
disk of our CBT courses to I.T. professionals who call today! 


¢ Gain Valuable Skills, Knowledge and 
Technical Recognition 

¢ Open the Door to Great Career Opportunities 

e Raise Your Income 

¢ Study at Your Own Pace 

¢ Interactive Hands-on Exercises 

e Receive One-on-One Training Consulting 


Become CNE Certified... FAST! 

Provides effective training to anyone wishing to become a 
Certified Novell Engineer. Gives you the skills to implement 
high-end solutions-based technical support for network 
planning, installation and configuration for NetWare-based 
systems. Novell codeveloped and approved. 


Become Novell CIP Certified... FAST! 

Includes all the information you'll need to prepare for Novell’s 
new CIP certifications: Certified Intranet Manager and 
Certified Internet Business Strategist. Provides you with the 
ability to administrate intranets using IntranetWare. 


& FOREFRONT 


Computer-Based 
Training 
“A CBT Sieur yoniried Self-Study Courses 


NEW! Become Cisco Certified...FAST! 

Based on Cisco's own classroom courses to teach you how 
to install and maintain Cisco technologies. Fuifills the ICRC, 
ITM and ACRC requirements for the Cisco Career 
Certifications program. Cisco codeveloped and approved. 


Also Available 


e MCSE CNA ¢ A+ Certification Java 

e MCSE+Internet ¢ Cisco ¢ PC Repair ¢ COBOL 

e MCP e UNIX ° MCSD ° C++ 

° CNE ° Networking e Visual Basic ° Office 97 
¢ Novell CIP eWeb Master = Visual C++ e And More! 


I.T. Professionals Call Now 
to Get Your FREE Demo Disk! 


1-800-475-5831 
FOREFRONT 


DIRECT 
A CBT Group Company 


25400 US Hwy. 19 N., #285 ¢ Clearwater, FL 33763 NTWN 


Copyright © 1998 CBT Group. PLC. Alll rights reserved. ForeFront Direct, the ForeFront Direct logo and Forefront Direct Self-Study 
Course are trademarks of CBT Group, PLC. All other trademarks are the properties of their respective holders. Printed in the U.S.A. 


For more information, visit http://advertise.nwconnection.com. 


| The NDS Enhancement Company 


ScheMax™ 


Create and manage any new NDS attributes (e.g. social security number, 
user photo). Easily create NWADMIN snapins without programming! 
Includes a graphical schema viewer and schema extension wizard. 


KEEP QUT 


=| SFLOCK 


Secure your Windows 95/98 or NT desktop through NDS with features such 
as locking screensavers with administrator override, intruder detection after 
authentication, and network disconnection. 


SFSEND® 


Notify users of system news or event announcements by associating NDS 
users, groups or containers. Send an immediate popup message or e-mail, 
from NWADMIN. Easily display and count logged in users. 


SFLOGIN 


Simplify and enhance the login process with powerful features like contextless 
login, single sign-on to Lotus Notes, customizable login screens, network news 
messages and password synchronization. 


et Or ; 
% 3 


a 
Www.netoria.com 


Go There. Download. Network Smarter. 


Try any product FREE for 60 days! To contact Netoria please call 1-888-227-0744 (Outside the U.S. please call +1 (801) 227-0722) 


For more information, visit http://advertise.nwconnection.com. 


